Description
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None
Affected products
- umbraco / Umbraco-CMS: >= 14.0.0, < 14.3.2
- umbraco / Umbraco-CMS: >= 15.0.0, < 15.1.2