XSS in Umbraco Umbraco_forms
CVE-2024-35239
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescrip…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (26.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Umbraco Umbraco_forms
- Umbraco Umbraco.forms.issues — versions >= 13.0.0, < 13.0.1, >= 12.0.0, < 12.2.2, >= 10.0.0, < 10.5.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (Product, x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC, Release Notes)
- security-advisories@github.com (x_refsource_MISC, Release Notes)
- security-advisories@github.com (x_refsource_MISC, Release Notes)
Frequently asked questions
- What is CVE-2024-35239?
- CVE-2024-35239 is a low-severity vulnerability in Umbraco Umbraco_forms, classified under Cross-site Scripting. CVSS score: 2.7/10. Published 2024-05-28.
- How severe is CVE-2024-35239?
- Low severity. CVSS v3 base score is 2.7 out of 10.