Main Vulnerability Database Vulnerabilities #VU99234

#VU99234 Dangerous file upload in Umbraco CMS - CVE-2024-48927

Published: October 22, 2024 / Updated: October 23, 2024

Vulnerability identifier: #VU99234

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-48927

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Umbraco CMS

Software vendor:
Umbraco

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability exists due to the application allows to upload SVG files to the server. A remote user can upload a specially crafted SVG file with an arbitrary JavaScript code inside and execute ti in the victim's browser in the security context of the website once the image is viewed.

Remediation

Install updates from vendor's website.

External links

https://github.com/umbraco/Umbraco-CMS/releases/tag/release-13.5.2
https://github.com/umbraco/Umbraco-CMS/releases/tag/release-10.8.7
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-5955-cwv4-h7qh

#VU99234 Dangerous file upload in Umbraco CMS - CVE-2024-48927

Description

Remediation

External links

Please verify you're human