CVE-2024-47819
published 2024-10-22


Priority: P3 43 | high | 8.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.33% (24.3th percentile)
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| umbraco-cms | backoffice | >= 14.0.0 < 14.3.1 | 14.3.1 |
| umbraco | umbraco-cms | | |
| umbraco | umbraco_cms | >= 14.0.0 < 14.3.1 | 14.3.1 |