GHSA-69cg-w8vm-h229

Source

https://github.com/advisories/GHSA-69cg-w8vm-h229

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-69cg-w8vm-h229

Aliases

CVE-2024-10761

Published

2025-01-21T21:24:20Z

Modified

2025-02-19T18:27:01.359740Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

XSS/HTML Injection Vulnerability in Umbraco Preview Badge

Details

Impact

Authenticated users are able to exploit an XSS vulnerability when viewing previewed content.

Patches

Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2.

Workarounds

None available.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-21T21:24:20Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}

References

Affected packages

NuGet

Umbraco.Cms

Package

Name: Umbraco.Cms; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.0

Fixed

13.5.3

Affected versions

11.*

11.0.0

11.1.0-rc

11.1.0

11.2.0-rc

11.2.0

11.2.1

11.2.2

11.3.0-rc

11.3.0

11.3.1

11.4.0-rc

11.4.0

11.4.1

11.4.2

11.5.0-rc

11.5.0

12.*

12.0.0-rc1

12.0.0-rc2

12.0.0-rc3

12.0.0-rc4

12.0.0-rc5

12.0.0

12.0.1

12.1.0-rc

12.1.0

12.1.1

12.1.2

12.2.0-rc

12.2.0

12.3.0-rc

12.3.0

12.3.1

12.3.2

12.3.3

12.3.4

12.3.5

12.3.6

12.3.7

12.3.8

12.3.9

12.3.10

13.*

13.0.0-rc1

13.0.0-rc2

13.0.0-rc3

13.0.0-rc4

13.0.0-rc5

13.0.0

13.0.1

13.0.2

13.0.3

13.1.0-rc

13.1.0

13.1.1

13.2.0-rc

13.2.0

13.2.1

13.2.2

13.3.0-rc

13.3.0

13.3.1

13.3.2

13.4.0-rc

13.4.0-rc2

13.4.0

13.4.1

13.5.0-rc

13.5.0

13.5.1

13.5.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms

Package

Name: Umbraco.Cms; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14.0.0

Fixed

14.3.2

Affected versions

14.*

14.0.0

14.1.0-rc

14.1.0-rc2

14.1.0

14.1.1

14.1.2

14.2.0-rc

14.2.0-rc2

14.2.0-rc3

14.2.0

14.3.0-rc

14.3.0

14.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms

Package

Name: Umbraco.Cms; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15.0.0

Fixed

15.1.2

Affected versions

15.*

15.0.0

15.1.0-rc

15.1.0-rc2

15.1.0

15.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms

Package

Name: Umbraco.Cms; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.8.7

Fixed

10.8.8

Affected versions

10.*

10.8.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms.Web.Common

Package

Name: Umbraco.Cms.Web.Common; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.Common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.0

Fixed

13.5.3

Affected versions

11.*

11.0.0

11.1.0-rc

11.1.0

11.2.0-rc

11.2.0

11.2.1

11.2.2

11.3.0-rc

11.3.0

11.3.1

11.4.0-rc

11.4.0

11.4.1

11.4.2

11.5.0-rc

11.5.0

12.*

12.0.0-rc1

12.0.0-rc2

12.0.0-rc3

12.0.0-rc4

12.0.0-rc5

12.0.0

12.0.1

12.1.0-rc

12.1.0

12.1.1

12.1.2

12.2.0-rc

12.2.0

12.3.0-rc

12.3.0

12.3.1

12.3.2

12.3.3

12.3.4

12.3.5

12.3.6

12.3.7

12.3.8

12.3.9

12.3.10

13.*

13.0.0-rc2

13.0.0-rc3

13.0.0-rc4

13.0.0-rc5

13.0.0

13.0.1

13.0.2

13.0.3

13.1.0-rc

13.1.0

13.1.1

13.2.0-rc

13.2.0

13.2.1

13.2.2

13.3.0-rc

13.3.0

13.3.1

13.3.2

13.4.0-rc

13.4.0-rc2

13.4.0

13.4.1

13.5.0-rc

13.5.0

13.5.1

13.5.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms.Web.Common

Package

Name: Umbraco.Cms.Web.Common; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.Common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14.0.0

Fixed

14.3.2

Affected versions

14.*

14.0.0

14.1.0-rc

14.1.0-rc2

14.1.0

14.1.1

14.1.2

14.2.0-rc

14.2.0-rc2

14.2.0-rc3

14.2.0

14.3.0-rc

14.3.0

14.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms.Web.Common

Package

Name: Umbraco.Cms.Web.Common; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.Common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15.0.0

Fixed

15.1.2

Affected versions

15.*

15.0.0

15.1.0-rc

15.1.0-rc2

15.1.0

15.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"

Umbraco.Cms.Web.Common

Package

Name: Umbraco.Cms.Web.Common; View open source insights on deps.dev
Purl: pkg:nuget/Umbraco.Cms.Web.Common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.8.7

Fixed

10.8.8

Affected versions

10.*

10.8.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-69cg-w8vm-h229/GHSA-69cg-w8vm-h229.json"