5.4
CVE-2023-38694
- EPSS 0.49%
- Veröffentlicht 12.12.2023 17:15:07
- Zuletzt bearbeitet 21.11.2024 08:14:04
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginUmbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Umbraco ≫ Umbraco Cms Version >= 8.0.0 < 8.18.10
Umbraco ≫ Umbraco Cms Version >= 9.0.0 < 10.7.0
Umbraco ≫ Umbraco Cms Version >= 11.0.0 < 12.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.647 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| security-advisories@github.com | 3.5 | 0.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.