CVE-2017-15279
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://issues.umbraco.org/issue/U4-10497
- https://github.com/umbraco/Umbraco-CMS/commit/fe2b86b681455ac975b294652064b2718d4e2ba2
References
- http://issues.umbraco.org/issue/U4-10497
- https://github.com/umbraco/Umbraco-CMS/commit/fe2b86b681455ac975b294652064b2718d4e2ba2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.