CVE-2018-17256: XSS
First published: Sat Nov 17 2018(Updated: )
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
Credit: vulnerability@cspcert.ph vulnerability@cspcert.ph
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nuget/umbraco | <=7.12.3 | |
| Umbraco CMS | =7.12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-17256?
CVE-2018-17256 is a persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3.
How does CVE-2018-17256 affect Umbraco CMS 7.12.3?
CVE-2018-17256 allows authenticated users to inject arbitrary web script via the Header Name of a content in Umbraco CMS 7.12.3.
How severe is CVE-2018-17256?
CVE-2018-17256 has a severity rating of medium (4.8).
How can the persistent XSS vulnerability in Umbraco CMS 7.12.3 be exploited?
The persistent XSS vulnerability in Umbraco CMS 7.12.3 is exploited when updating or removing public access of a content.
Is there a fix available for CVE-2018-17256?
Yes, users of Umbraco CMS 7.12.3 should update to a version that includes the fix for the vulnerability.
- collector/github-advisory-latest
- alias/GHSA-wrrj-r2j4-969w
- alias/CVE-2018-17256
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/nuget
- vendor/umbraco
- canonical/umbraco cms
- version/umbraco cms/7.12.3