CVE-2024-35239
Description
Umbraco Commerce is an open source dotnet web forms solution. In affected versions, an authenticated user who has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring `TitleAndDescription:AllowUnsafeHtmlRendering` after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13).
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.568
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms 13.0.1 | Windows |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms 12.2.2 | Windows |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms 10.5.3 | Windows |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms 8.13.13 | Windows |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms for Linux 13.0.1 | Linux |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms for Linux 12.2.2 | Linux |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms for Linux 10.5.3 | Linux |
| CVE-2024-35239 is fixed in NuGet - Umbraco.Forms for Linux 8.13.13 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234