cbcvebase.
CVE-2024-35218
published 2024-05-21

Priority: P4 20 | medium 4.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.35% (26.9th percentile)

Umbraco CMS is an ASP.NET CMS used by more than 730,000 websites. Stored cross-site scripting (XSS) enables attackers who have access to the backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7 and 13.1.1 by implementing IHtmlSanitizer.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | | |
| umbraco | umbraco-cms | | |
| umbraco | umbraco-cms | | |
| umbraco | umbraco-cms | | |
| umbraco | umbraco_cms | >= 10.0.0 < 10.8.4 | 10.8.4 |
| umbraco | umbraco_cms | >= 12.0.0 < 12.3.7 | 12.3.7 |
| umbraco | umbraco_cms | >= 13.0.0 < 13.1.1 | 13.1.1 |
| umbraco | umbraco_cms | >= 8.0.0 < 8.18.13 | 8.18.13 |