GHSA-gvpc-3pj6-4m9w

Suggest an improvement
Source
https://github.com/advisories/GHSA-gvpc-3pj6-4m9w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-gvpc-3pj6-4m9w/GHSA-gvpc-3pj6-4m9w.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-gvpc-3pj6-4m9w
Aliases
Published
2024-05-21T14:47:24Z
Modified
2024-05-21T15:48:27.673570Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Details

Impact

Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application.

Affected versions

Umbraco CMS >= 8.00

Patches

This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer

Database specific
{
    "nvd_published_at": "2024-05-21T14:15:12Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-21T14:47:24Z"
}
References

Affected packages

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0
Fixed
8.18.13

Affected versions

8.*

8.0.0
8.0.1
8.0.2
8.0.3
8.1.0
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.1.6
8.2.0-rc
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.4.0-rc
8.4.0
8.4.1
8.4.2
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.6.0-rc
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.6.5
8.6.6
8.6.7
8.6.8
8.7.0-rc
8.7.0
8.7.1
8.7.2
8.7.3
8.8.0-rc
8.8.0
8.8.1
8.8.2
8.8.3
8.8.4
8.9.0-rc
8.9.0
8.9.1
8.9.2
8.9.3
8.10.0-rc
8.10.0
8.10.1
8.10.2
8.10.3
8.11.0-rc
8.11.0
8.11.1
8.11.2
8.11.3
8.12.0-rc
8.12.0
8.12.1
8.12.2
8.12.3
8.13.0-rc
8.13.0
8.13.1
8.14.0-rc
8.14.0
8.14.1
8.14.2
8.14.3
8.14.4
8.15.0-rc
8.15.0
8.15.1
8.15.2
8.15.3
8.16.0-rc
8.16.0
8.17.0-rc
8.17.0-rc2
8.17.0
8.17.1
8.17.2
8.18.0-rc
8.18.0-rc2
8.18.0
8.18.1
8.18.2
8.18.3
8.18.4
8.18.5
8.18.6
8.18.7
8.18.8
8.18.9
8.18.10
8.18.11
8.18.12

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0
Fixed
10.8.4

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12.0.0
Fixed
12.3.7

NuGet / UmbracoCms.Core

Package

Name
UmbracoCms.Core
View open source insights on deps.dev
Purl
pkg:nuget/UmbracoCms.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13.0.0
Fixed
13.1.1