Umbraco Commerce vulnerable to Cross-site scripting (XSS) issue

CVE-2024-35240
5.4 MEDIUM

Key Information

Vendor
Umbraco
Status
Umbraco.commerce.issues
Vendor
CVE Published: 28 May 2024

Summary

Umbraco Commerce is an open source .NET ecommerce solution. Affected versions contain a stored cross-site scripting (XSS) issue that would enable attackers to inject malicious code into the Print functionality. This issue has been addressed in versions 12.1.4 and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Version(s)

Umbraco.Commerce.Issues < 12.0.0, 12.1.4

Umbraco.Commerce.Issues < 10.0.5

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database