Umbraco Commerce vulnerable to Cross-site scripting (XSS) issue
CVE-2024-35240
5.4 MEDIUM
Key Information
- Vendor
- Umbraco
- Status
- Umbraco.commerce.issues
- Vendor
- CVE Published: 28 May 2024
Summary
Umbraco Commerce is an open source dotnet ecommerce solution. Affected versions contain a stored cross-site scripting (XSS) issue which would enable attackers to inject malicious code into the print functionality. This issue has been addressed in versions 12.1.4 and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected Version(s)
Umbraco.Commerce.Issues < 12.0.0, 12.1.4
Umbraco.Commerce.Issues < 10.0.5
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD Database
Mitre Database