CVE-2024-35218
CVSS V2 None
CVSS V3 None
Description
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.
Overview
- CVE ID
- CVE-2024-35218
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-21T13:42:27.260Z
- Last Modified Date
- 2024-06-04T17:33:58.723Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-gvpc-3pj6-4m9w | x_refsource_CONFIRM |
https://github.com/umbraco/Umbraco-CMS/commit/1b712fe6ec52aa4e71b3acf63e393c8e6ab85385 | x_refsource_MISC |
https://github.com/umbraco/Umbraco-CMS/commit/a2684069b1e9976444f60b4b37a80be05b87f6b6 | x_refsource_MISC |
https://github.com/umbraco/Umbraco-CMS/commit/cbf9f9bcd199d7ca0412be3071d275556f10b7ba | x_refsource_MISC |
https://github.com/umbraco/Umbraco-CMS/commit/d090176272d07500dac0daee7c598aa8bb321050 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-35218 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35218 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 13:34:36 | Added to TrackCVE |