CVE-2023-49279
published 2023-12-12CVE-2023-49279: Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with…
PriorityP430medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.39%
30.5th percentile
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco_cms | — | — |
| umbraco | umbraco_cms | >= 10.0.0 < 10.7.0 | 10.7.0 |
| umbraco | umbraco_cms | >= 11.0.0 < 11.5.0 | 11.5.0 |
| umbraco | umbraco_cms | >= 12.0.0 < 12.2.0 | 12.2.0 |
| umbraco | umbraco_cms | >= 7.0.0 < 7.15.11 | 7.15.11 |
| umbraco | umbraco_cms | >= 8.0.0 < 8.18.9 | 8.18.9 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Stored XSS via SVG File Upload
ghsa·2023-12-13
CVE-2023-49279 [LOW] CWE-79 Stored XSS via SVG File Upload
Stored XSS via SVG File Upload
#### Impact
A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed.
#### Workaround
Implement the server side file validation
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation
or
Serve all media from an different host (e.g cdn) that where umbraco is hosted
OSV
Stored XSS via SVG File Upload
osv·2023-12-13
CVE-2023-49279 [LOW] Stored XSS via SVG File Upload
Stored XSS via SVG File Upload
#### Impact
A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed.
#### Workaround
Implement the server side file validation
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation
or
Serve all media from an different host (e.g cdn) that where umbraco is hosted
No detection rules found.
No public exploits indexed.
https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validationhttps://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validationhttps://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2
2023-12-12
Published