GHSA-vr9v-27gg-qgx4MediumCVSS 4.6
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
🔗 CVE IDs covered (1)
📋 Description
Impact
Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding.
Patches
This issue has been patched in 17.4.0
🎯 Affected products1
- nuget/Umbraco.Cms:>= 14.0.0, <= 17.3.5