CVE-2020-5810
Published 2020-12-30
Priority: P3 · 41 · medium · CVSS 3.1 base score 5.4
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 66.20% (99.2 percentile)
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco_cms | <= 8.9.1 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP POST requests to the Umbraco Users API endpoint for privilege escalation attempts, particularly requests adding 'admin' to userGroupAliases from non-admin sessions.
- Alert on uploads of .svg files to the Umbraco media library, especially those containing embedded <script> tags or JavaScript, as these can serve as stored XSS payloads.
- Inspect the X-UMB-XSRF-TOKEN request header being set programmatically (e.g., via XMLHttpRequest in SVG script content) as an indicator of CSRF token theft and abuse within the XSS payload.
- The stored XSS via SVG upload is only exploitable by authenticated users who have been granted media upload permissions; restrict this privilege to trusted users only.
- The XSS payload achieves privilege escalation only when triggered by an admin user; the impact is conditional on admin interaction with the malicious SVG link.
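A defender-side check for the SVG upload path described in the detection notes above, as an added example (not Umbraco's code and not from the advisory): it parses a candidate upload and reports script elements, foreignObject, on* event-handler attributes and javascript:/data: hrefs, which is what an alert on "SVG containing embedded script" has to look for in practice. The two sample SVGs and the function names are constructed for this example.

```python
"""Flag SVG uploads that carry active content (added example, not Umbraco code)."""
from __future__ import annotations
import xml.etree.ElementTree as ET

# Constructed sample: a plain vector drawing, no active content.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="blue"/>
</svg>"""

# Constructed sample: carries the three markers a stored-XSS SVG typically has.
SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="/* constructed sample */">
  <script>/* constructed sample: script element */</script>
  <a xlink:href="javascript:void(0)"><text>click</text></a>
</svg>"""


def _local(name: str) -> str:
    # ElementTree encodes namespaces as "{uri}name"; keep only the local part.
    return name.rsplit("}", 1)[-1].lower()


def svg_active_content(svg_text: str) -> list[str]:
    """Return a list of findings for one SVG document; empty means nothing found."""
    findings: list[str] = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # A file that is not well-formed XML should not be served as image/svg+xml.
        return [f"unparseable XML: {exc}"]
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ("script", "foreignobject"):
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            local_attr = _local(attr)
            if local_attr.startswith("on"):           # onload, onclick, ...
                findings.append(f"event handler {local_attr} on <{name}>")
            elif local_attr == "href":                # href or xlink:href
                scheme = value.strip().lower().split(":", 1)[0]
                if scheme in ("javascript", "data"):
                    findings.append(f"{scheme}: URL in href on <{name}>")
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, svg_active_content(doc) or "clean")
```

A media-upload hook can reject a file whenever the list is non-empty, or serve it with a Content-Disposition: attachment header so it never renders inline.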
CVSS provenance
- NVD, CVSS v3.1: 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- NVD, CVSS v2.0: 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:P/A:N
No detection rules found.
No public exploits indexed.