What is the severity of CVE-2024-10761?

CVE-2024-10761 has been classified as problematic due to potential cross-site scripting vulnerabilities.

How do I fix CVE-2024-10761?

To mitigate CVE-2024-10761, upgrade Umbraco CMS to a version beyond 12.3.6.

What components are affected by CVE-2024-10761?

CVE-2024-10761 specifically affects the Dashboard component in Umbraco CMS version 12.3.6.

What type of vulnerability is CVE-2024-10761?

CVE-2024-10761 is a cross-site scripting (XSS) vulnerability.

Where can I find more information about CVE-2024-10761?

For more details about CVE-2024-10761, consult the official vulnerability databases or GitHub advisories.

Vulnerability/
CVE-2024-10761

medium

6.9

CWE

79 707 94

4/11/2024

22/1/2025

CVE-2024-10761: Umbraco CMS Dashboard frame cross site scripting

First published: Mon Nov 04 2024(Updated: )

A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Credit: cna@vuldb.com cna@vuldb.com

Affected Software	Affected Version	How to fix
nuget/Umbraco.Cms.Core	<=12.3.6
Umbraco CMS	=12.3.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-10761?
CVE-2024-10761 has been classified as problematic due to potential cross-site scripting vulnerabilities.
How do I fix CVE-2024-10761?
To mitigate CVE-2024-10761, upgrade Umbraco CMS to a version beyond 12.3.6.
What components are affected by CVE-2024-10761?
CVE-2024-10761 specifically affects the Dashboard component in Umbraco CMS version 12.3.6.
What type of vulnerability is CVE-2024-10761?
CVE-2024-10761 is a cross-site scripting (XSS) vulnerability.
Where can I find more information about CVE-2024-10761?
For more details about CVE-2024-10761, consult the official vulnerability databases or GitHub advisories.

agent/title
agent/type
agent/first-publish-date
agent/author
agent/softwarecombine
agent/event
collector/github-advisory
source/GitHub
alias/GHSA-4gmq-m9vp-jrwg
alias/CVE-2024-10761
agent/software-canonical-lookup
agent/trending
agent/source
collector/mitre-cve
source/MITRE
agent/tags
agent/references
agent/description
collector/github-advisory-latest
agent/last-modified-date
agent/weakness
agent/severity
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/nuget
vendor/umbraco
canonical/umbraco cms
version/umbraco cms/12.3.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.