CVE-2024-47819 in Umbracoinfo

Zusammenfassung

von MITRE • 22.10.2024

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Zuständig

GitHub M

Reservieren

03.10.2024

Veröffentlichung

22.10.2024

Moderieren

akzeptiert

Eintrag

VDB-281511

CPE

bereit

EPSS

0.00326

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!