CVE-2023-38694
Umbraco CMS vulnerable to possible injection of HTML in an unintended form
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Affected products
umbraco · Umbraco-CMSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →