Headline

GHSA-69cg-w8vm-h229: XSS/HTML Injection Vulnerability in Umbraco Preview Badge

Impact

Authenticated users are able to exploit an XSS vulnerability when viewing previewed content.

Patches

Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2.

Workarounds

None available.

7 hours ago

ghsa

Open in Source

#xss #vulnerability #git #auth

GitHub Advisory Database
GitHub Reviewed
GHSA-69cg-w8vm-h229

XSS/HTML Injection Vulnerability in Umbraco Preview Badge

Moderate severity GitHub Reviewed Published Jan 21, 2025 in umbraco/Umbraco-CMS • Updated Jan 21, 2025

Package

nuget Umbraco.Cms (NuGet)

Affected versions

>= 10.8.7, < 10.8.8

>= 11.0.0, < 13.5.3

>= 14.0.0, < 14.3.2

>= 15.0.0, < 15.1.2

Patched versions

10.8.8

13.5.3

14.3.2

15.1.2

Impact

Authenticated users are able to exploit an XSS vulnerability when viewing previewed content.

Patches

Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2.

Workarounds

None available.

References

GHSA-69cg-w8vm-h229

Published to the GitHub Advisory Database

Jan 21, 2025

Last updated

Jan 21, 2025

ghsa: Latest News

GHSA-4cv2-4hjh-77rx: Property reflection in System.Linq.Dynamic.Core

6 hours ago

ghsa

GHSA-69cg-w8vm-h229: XSS/HTML Injection Vulnerability in Umbraco Preview Badge

7 hours ago

ghsa

GHSA-5vpc-35f4-r8w6: Buildah allows build breakout using malicious Containerfiles and concurrent builds

7 hours ago

ghsa

GHSA-hmg4-wwm5-p999: Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes

7 hours ago

ghsa

GHSA-qwj6-q94f-8425: MathLive's Lack of Escaping of HTML allows for XSS

7 hours ago

ghsa