Vulnerabilities > CVE-2024-10761 - Unspecified vulnerability in Umbraco CMS 12.3.6

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

umbraco

NVD

Published: 2024-11-04

Updated: 2025-01-22

Summary

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component.

Vulnerable Configurations

Part	Description	Count
Application	Umbraco Umbraco Umbraco CMS 12.3.6	1

References

https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-69cg-w8vm-h229
https://vuldb.com/?ctiid.282930
https://vuldb.com/?id.282930
https://vuldb.com/?submit.427091