GHSA-95qr-67rx-9pgh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-95qr-67rx-9pgh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-95qr-67rx-9pgh/GHSA-95qr-67rx-9pgh.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-95qr-67rx-9pgh
- Aliases
- Published
- 2022-05-24T17:37:51Z
- Modified
- 2023-11-01T04:53:25.519926Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Umbraco CMS vulnerable to stored XSS
- Details
-
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
- Database specific
{ "github_reviewed_at": "2023-07-13T22:32:02Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "nvd_published_at": "2020-12-30T16:15:00Z" }- References
Affected packages
NuGet / UmbracoCms.Core
Package
- Name
- UmbracoCms.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/UmbracoCms.Core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected8.9.1
Affected versions
4.*
4.7.2
4.8.0-beta
4.8.0
4.8.1
4.9.0
4.9.1
4.10.0-beta
4.10.0-rc
4.10.0
4.10.1
4.11.0
4.11.1
4.11.2
4.11.2.1
4.11.2.2
4.11.2.3
4.11.3
4.11.3.1
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.11.10
6.*
6.0.0-beta
6.0.0-RC
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.7.1
6.1.0-beta
6.1.0-beta-2
6.1.0
6.1.1
6.1.2
6.1.2.1
6.1.2.2
6.1.3
6.1.4
6.1.5
6.1.6
6.2.0-RC
6.2.0
6.2.0.1-RC
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
7.*
7.0.0-alpha
7.0.0-beta
7.0.0-RC
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.1.0-RC
7.1.0
7.1.1
7.1.2
7.1.3
7.1.4
7.1.5
7.1.6
7.1.7
7.1.8
7.1.9
7.1.10
7.2.0-beta
7.2.0-beta2
7.2.0-RC
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5-RC
7.2.5
7.2.6
7.2.7
7.2.8
7.2.9
7.3.0-beta
7.3.0-beta2
7.3.0-beta3
7.3.0-RC
7.3.0
7.3.1
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0-beta
7.4.0-beta2
7.4.0-RC1
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0-beta
7.5.0-beta2
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5
7.5.6
7.5.7
7.5.8
7.5.9
7.5.10
7.5.11
7.5.12
7.5.13
7.5.14
7.5.15
7.6.0-beta
7.6.0-RC
7.6.0
7.6.1
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9
7.6.10
7.6.11
7.6.12
7.6.13
7.6.14
7.7.0-beta
7.7.0
7.7.1
7.7.2
7.7.3
7.7.4
7.7.5
7.7.6
7.7.7
7.7.8
7.7.9
7.7.10
7.7.11
7.7.12
7.7.13
7.7.14
7.8.0-beta
7.8.0
7.8.1
7.8.2
7.8.3
7.8.4
7.9.0
7.9.1
7.9.2
7.9.3
7.9.4
7.9.5
7.9.6
7.9.7
7.10.0
7.10.1
7.10.2
7.10.3
7.10.4
7.10.5
7.10.6
7.11.0
7.11.1
7.11.2
7.11.3
7.12.0
7.12.1
7.12.2
7.12.3
7.12.4
7.12.5
7.13.0
7.13.1
7.13.2
7.13.3
7.14.0
7.14.1
7.15.0
7.15.1
7.15.2
7.15.3
7.15.4
7.15.5
7.15.6
7.15.7
7.15.8
7.15.9
7.15.10
7.15.11
8.*
8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2.0-rc
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.4.0-rc
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.6.0-rc
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.7.0-rc
8.7.0
8.7.1
8.7.2
8.7.3
8.8.0-rc
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
8.9.0-rc
8.9.0
8.9.1