CVE-2017-15279

Description

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.195

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2017-15279,CVE-2017-15280 are fixed in Nuget - UmbracoCMS.Web 7.7.3	Windows
Vulnerabilities CVE-2017-15279,CVE-2017-15280 are fixed in Nuget - UmbracoCMS.Web for Linux 7.7.3	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234