CVE-2017-15279

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15279
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15279.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-15279
Aliases
Published
2017-10-12T08:29:00Z
Modified
2024-10-12T02:38:38.706393Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type
GIT
Repo
https://github.com/umbraco/umbraco-cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.7.2
4.8.0-beta

7.*

7.3.0-beta
7.6-alpha071
7.6-beta5

Release-4.*

Release-4.10.0
Release-4.11.0
Release-4.11.1
Release-4.11.2
Release-4.11.2.1
Release-4.11.2.2
Release-4.11.3
Release-4.11.4
Release-4.11.5
Release-4.5.2
Release-4.6.0
Release-4.8.0
Release-4.8.1
Release-4.9.0
Release-4.9.1

Release-6.*

Release-6.0.0
Release-6.0.0-RC
Release-6.0.0-beta
Release-6.0.2

Other

Sprint-Juno-A
alpha070

dev-7.*

dev-7.6-RC1
dev-7.6-RC2
dev-7.6-RC3
dev-7.6-alpha-073
dev-7.6-alpha054
dev-7.6-alpha055
dev-7.6-alpha056
dev-7.6-alpha060
dev-7.6-alpha061
dev-7.6-alpha063
dev-7.6-alpha064
dev-7.6-alpha072
dev-7.6-alpha073
dev-7.6-alpha074
dev-7.6-alpha075
dev-7.6-beta02
dev-7.6-beta03
dev-7.6-beta04
dev-7.6-beta06

dev-v7.*

dev-v7.6-alpha065
dev-v7.6-alpha066
dev-v7.6-alpha068
dev-v7.7-beta002

release-4.*

release-4.11.10
release-4.11.6
release-4.11.7
release-4.11.9

release-6.*

release-6.0.3
release-6.0.4
release-6.0.6
release-6.0.7
release-6.1.0
release-6.1.0-beta
release-6.1.0-beta2
release-6.1.1
release-6.1.2
release-6.1.3
release-6.1.4
release-6.1.5
release-6.1.6
release-6.2.0
release-6.2.0-beta
release-6.2.1
release-6.2.2
release-6.2.3

release-7.*

release-7.0.0
release-7.0.0-RC
release-7.0.0-alpha
release-7.0.0-beta
release-7.0.1
release-7.0.2
release-7.0.3
release-7.0.4
release-7.1.0
release-7.1.0-RC
release-7.1.0-beta
release-7.1.1
release-7.1.2
release-7.1.3
release-7.1.4
release-7.1.5
release-7.1.6
release-7.1.7
release-7.1.8
release-7.2.0
release-7.2.0-RC
release-7.2.0-alpha
release-7.2.0-beta
release-7.2.0-beta2
release-7.2.1
release-7.2.2
release-7.2.3
release-7.2.4
release-7.2.5
release-7.2.5-RC
release-7.2.6
release-7.2.7
release-7.2.8
release-7.3.0
release-7.3.0-RC
release-7.3.0-beta
release-7.3.0-beta2
release-7.3.0-beta3
release-7.3.1
release-7.3.2
release-7.3.3
release-7.3.4
release-7.3.5
release-7.3.6
release-7.3.7
release-7.3.8
release-7.4.0
release-7.4.0-RC1
release-7.4.0-beta2
release-7.4.1
release-7.4.2
release-7.4.3
release-7.5.0
release-7.5.0-beta
release-7.5.0-beta2
release-7.5.1
release-7.5.10
release-7.5.11
release-7.5.12
release-7.5.13
release-7.5.14
release-7.5.2
release-7.5.3
release-7.5.4
release-7.5.5
release-7.5.6
release-7.5.7
release-7.5.8
release-7.5.9
release-7.6.0
release-7.6.0-RC
release-7.6.0-beta
release-7.6.1
release-7.6.2
release-7.6.3
release-7.6.4
release-7.6.5
release-7.6.6
release-7.6.7
release-7.6.8
release-7.7.0
release-7.7.0-beta
release-7.7.1
release-7.7.2