CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43377 – Umbraco CMS Improper Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43377
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. • https://github.com/umbraco/Umbraco-CMS/commit/72bef8861d94a39d5cc9530a04c4797b91fcbecf https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hrww-x3fq-xcvh • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43376 – Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2024-43376
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2. • https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004 https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35240 – Stored Cross-site Scripting on Print Functionality in Umbraco Commerce
https://notcve.org/view.php?id=CVE-2024-35240
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023 https://github.com/umbraco/Umbraco.Commerce.Issues/security/advisories/GHSA-rpj9-xjwm-wr6w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35239 – Stored Cross-site Scripting on Components of Umbraco Forms
https://notcve.org/view.php?id=CVE-2024-35239
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13). Umbraco Commerce es una solución de formularios web dotnet de código abierto. En las versiones afectadas, un usuario autenticado que tiene acceso para editar formularios puede inyectar código no seguro en los componentes de Forms. • https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024 https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024 https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35218 – Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
https://notcve.org/view.php?id=CVE-2024-35218
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer. Umbraco CMS es un CMS ASP.NET utilizado por más de 730.000 sitios web. El Cross Site Scripting (XSS) Almacenado permite a los atacantes que tienen acceso al backoffice introducir contenido malicioso en un sitio web o aplicación. • https://github.com/umbraco/Umbraco-CMS/commit/1b712fe6ec52aa4e71b3acf63e393c8e6ab85385 https://github.com/umbraco/Umbraco-CMS/commit/a2684069b1e9976444f60b4b37a80be05b87f6b6 https://github.com/umbraco/Umbraco-CMS/commit/cbf9f9bcd199d7ca0412be3071d275556f10b7ba https://github.com/umbraco/Umbraco-CMS/commit/d090176272d07500dac0daee7c598aa8bb321050 https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-gvpc-3pj6-4m9w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •