disputed

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.

A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recomm

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-69cg-w8vm-h229

VulDB https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing [No types assigned]

VulDB disputed

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor is not able to reproduce the issue.

VulDB CWE-94

VulDB CWE-707

VulDB CWE-74

NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

NIST CWE-79

OR
     *cpe:2.3:a:umbraco:umbraco_cms:12.3.6:*:*:*:*:*:*:*

https://vuldb.com/?ctiid.282930 No Types Assigned

https://vuldb.com/?ctiid.282930 Permissions Required, Third Party Advisory, VDB Entry

https://vuldb.com/?id.282930 No Types Assigned

https://vuldb.com/?id.282930 Permissions Required, Third Party Advisory, VDB Entry

https://vuldb.com/?submit.427091 No Types Assigned

https://vuldb.com/?submit.427091 Exploit, Third Party Advisory, VDB Entry

VulDB CWE-707

VulDB CWE-74

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

VulDB CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

VulDB AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

VulDB (AV:N/AC:L/Au:S/C:N/I:P/A:N)

VulDB CWE-79

VulDB https://vuldb.com/?ctiid.282930 [No types assigned]

VulDB https://vuldb.com/?id.282930 [No types assigned]

VulDB https://vuldb.com/?submit.427091 [No types assigned]