CVE-2023-38694

EPSS 0.41%
Veröffentlicht 12.12.2023 17:15:07
Zuletzt bearbeitet 21.11.2024 08:14:04
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Umbraco CMS vulnerable to possible injection of HTML in an unintended form

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Umbraco ≫ Umbraco Cms Version >= 8.0.0 < 8.18.10

Umbraco ≫ Umbraco Cms Version >= 9.0.0 < 10.7.0

Umbraco ≫ Umbraco Cms Version >= 11.0.0 < 12.1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.326

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	3.5	0.9	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-38694

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-38694

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-38694

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-38694