CVE-2024-10761

Summary

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
UmbracoCMS10.7.0affected
UmbracoCMS10.7.1affected
UmbracoCMS10.7.2affected
UmbracoCMS10.7.3affected
UmbracoCMS10.7.4affected
UmbracoCMS10.7.5affected
UmbracoCMS10.7.6affected
UmbracoCMS10.7.7affected
UmbracoCMS12.3.0affected
UmbracoCMS12.3.1affected
UmbracoCMS12.3.2affected
UmbracoCMS12.3.3affected
UmbracoCMS12.3.4affected
UmbracoCMS12.3.5affected
UmbracoCMS12.3.6affected
UmbracoCMS13.5.0affected
UmbracoCMS13.5.1affected
UmbracoCMS13.5.2affected
UmbracoCMS14.3.0affected
UmbracoCMS14.3.1affected
UmbracoCMS15.1.0affected
UmbracoCMS15.1.1affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References