GHSA-v98m-398x-269r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v98m-398x-269r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-v98m-398x-269r/GHSA-v98m-398x-269r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-v98m-398x-269r
- Aliases
- Related
- Published
- 2023-12-13T13:24:06Z
- Modified
- 2024-01-12T16:30:56.191942Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- DOM-XSS on Backoffice login screen.
- Details
-
Impact
Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.
Explanation of the vulnerability
A DOM-XSS can be exploited when users are successfully logging into the Backoffice.
- Database specific
{ "github_reviewed_at": "2023-12-13T13:24:06Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2023-12-12T18:15:22Z" }- References
Affected packages
NuGet / Umbraco.CMS
Package
- Name
- Umbraco.CMS
- View open source insights on deps.dev
- Purl
- pkg:nuget/Umbraco.CMS
NuGet / Umbraco.CMS
Package
- Name
- Umbraco.CMS
- View open source insights on deps.dev
- Purl
- pkg:nuget/Umbraco.CMS
Affected versions
11.*
11.0.0
11.1.0-rc
11.1.0
11.2.0-rc
11.2.0
11.2.1
11.2.2
11.3.0-rc
11.3.0
11.3.1
11.4.0-rc
11.4.0
11.4.1
11.4.2
11.5.0-rc
11.5.0
12.*
12.0.0-rc1
12.0.0-rc2
12.0.0-rc3
12.0.0-rc4
12.0.0-rc5
12.0.0
12.0.1
12.1.0-rc
12.1.0
12.1.1
12.1.2
12.2.0-rc
12.2.0
12.3.0-rc
12.3.0
12.3.1
12.3.2
12.3.3