CVE-2024-35218
Published: 2024-05-21
Priority: P420 | Severity: medium | CVSS 3.1: 4.8
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.35% (26.9th percentile)
Umbraco CMS is an ASP.NET CMS used by more than 730,000 websites. Stored cross-site scripting (XSS) enables attackers who have access to the backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, and 13.1.1 by implementing IHtmlSanitizer.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco_cms | >= 10.0.0 < 10.8.4 | 10.8.4 |
| umbraco | umbraco_cms | >= 12.0.0 < 12.3.7 | 12.3.7 |
| umbraco | umbraco_cms | >= 13.0.0 < 13.1.1 | 13.1.1 |
| umbraco | umbraco_cms | >= 8.0.0 < 8.18.13 | 8.18.13 |
GHSA
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
ghsa·2024-05-21
CVE-2024-35218 [MEDIUM] CWE-79 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
### Impact
Stored cross-site scripting (XSS) enables attackers who have access to the backoffice to bring malicious content into a website or application.
### Affected versions
Umbraco CMS >= 8.00
### Patches
This is fixed in 8.18.13, 10.8.4, 12.3.7, and 13.1.1 by implementing IHtmlSanitizer.
OSV
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
osv·2024-05-21
CVE-2024-35218 [MEDIUM] Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
### Impact
Stored cross-site scripting (XSS) enables attackers who have access to the backoffice to bring malicious content into a website or application.
### Affected versions
Umbraco CMS >= 8.00
### Patches
This is fixed in 8.18.13, 10.8.4, 12.3.7, and 13.1.1 by implementing IHtmlSanitizer.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/umbraco/Umbraco-CMS/commit/1b712fe6ec52aa4e71b3acf63e393c8e6ab85385
- https://github.com/umbraco/Umbraco-CMS/commit/a2684069b1e9976444f60b4b37a80be05b87f6b6
- https://github.com/umbraco/Umbraco-CMS/commit/cbf9f9bcd199d7ca0412be3071d275556f10b7ba
- https://github.com/umbraco/Umbraco-CMS/commit/d090176272d07500dac0daee7c598aa8bb321050
- https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-gvpc-3pj6-4m9w
2024-05-21
Published