Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cfr5-7p54-4qg8: Privilege Escalation using Spoofing

Impact

Users with low privileges ( Editor, etc) are able to access some unintended endpoints.

ghsa
#git

Privilege Escalation using Spoofing

Moderate severity GitHub Reviewed Published Dec 12, 2023 in umbraco/Umbraco-CMS • Updated Dec 13, 2023

Related news

CVE-2023-49273: Privilege Escalation using Spoofing

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.

ghsa: Latest News

GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization