CVE-2024-55488: Withdrawn Advisory: Umbraco Rich Text Display allows Cross-Site Scripting
(updated )
Withdrawn Advisory
This advisory has been withdrawn because the issue is a documented security. This link is maintained to preserve external references. For more information, see https://github.com/github/advisory-database/pull/5270.
Original Advisory
A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
References
- github.com/advisories/GHSA-572q-86rr-5vgq
- github.com/github/advisory-database/pull/5270
- github.com/umbraco/Umbraco-CMS
- github.com/umbraco/Umbraco-CMS/pull/17164
- github.com/umbraco/Umbraco-CMS/releases/tag/release-15.0.0-rc1
- nvd.nist.gov/vuln/detail/CVE-2024-55488
- www.nccgroup.com/us/research-blog/technical-advisory-cross-site-scripting-in-umbraco-rich-text-display
Code Behaviors & Features
Detect and mitigate CVE-2024-55488 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →