CVE-2024-35218

Summary

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.

Affected Software

VendorProductVersion RangeStatus
umbracoUmbraco-CMS>= 8.0.0, < 8.18.13affected
umbracoUmbraco-CMS>= 10.0.0, < 10.8.4affected
umbracoUmbraco-CMS>= 12.0.0, < 12.3.7affected
umbracoUmbraco-CMS>= 13.0.0, < 13.1.1affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References