Vulnerability in Umbraco Cms

CVE-2020-5810

A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.

EPSS: 0.671 (99.2th percentile) — read the EPSS interpretation.

Affected products

  • N/a Umbraco Cms — versions <= 8.9.1 or current (unfixed)

References