GHSA-5955-cwv4-h7qh

GitHub Security Advisory

Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode.

### Workarounds
Server-side file validation is available to strip script tags from the file's content during the file upload process.
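
The following is an added example, not code from the advisory or from Umbraco, showing what upload-time SVG validation of this kind can look like. It goes slightly beyond script tags by also removing event-handler attributes and `javascript:` links, which are other ways an SVG can carry script; the class and method names are hypothetical and the sample input is constructed.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

public static class SvgUploadSanitizer
{
    // Hypothetical helper (not an Umbraco API). Throws XmlException on malformed
    // XML or any DOCTYPE; the caller should reject the upload in that case.
    public static string Sanitize(string svg)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // no DTDs, so no entity expansion
            XmlResolver = null                      // never fetch external resources
        };
        XDocument doc;
        using (var reader = XmlReader.Create(new StringReader(svg), settings))
            doc = XDocument.Load(reader);

        // 1. <script> elements, matched on local name so namespace prefixes do not hide them.
        doc.Descendants()
           .Where(e => e.Name.LocalName.Equals("script", StringComparison.OrdinalIgnoreCase))
           .Remove();

        // 2. Event-handler attributes (onload, onclick, ...) and javascript: links.
        doc.Descendants().Attributes()
           .Where(a => a.Name.LocalName.StartsWith("on", StringComparison.OrdinalIgnoreCase)
                    || (a.Name.LocalName == "href" && IsScriptUrl(a.Value)))
           .Remove();

        return doc.ToString(SaveOptions.DisableFormatting);
    }

    // Browsers ignore whitespace and control characters inside a URL scheme, so drop them first.
    private static bool IsScriptUrl(string value) =>
        new string(value.Where(c => !char.IsWhiteSpace(c) && !char.IsControl(c)).ToArray())
            .StartsWith("javascript:", StringComparison.OrdinalIgnoreCase);

    public static void Main()
    {
        // Constructed sample input, not taken from the advisory.
        const string sample =
            "<svg xmlns=\"http://www.w3.org/2000/svg\" onload=\"void 0\">" +
            "<script>/* constructed */</script>" +
            "<a href=\"javascript:void 0\"><circle r=\"5\"/></a></svg>";
        Console.WriteLine(Sanitize(sample));
    }
}
```

Parsing the file as XML and re-serializing it, rather than pattern-matching on the raw text, means the stored file is exactly what the validator inspected.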

Affected Packages

NuGet UmbracoCms
Affected versions: 8.0.0 (fixed in 8.18.15)
NuGet Umbraco.Cms
Affected versions: 10.0.0 (fixed in 10.8.7)
NuGet Umbraco.Cms
Affected versions: 13.0.0 (fixed in 13.5.2)

Key Information

GHSA ID: GHSA-5955-cwv4-h7qh
Published: October 22, 2024 6:12 PM
Last Modified: October 22, 2024 7:22 PM
CVSS Score: 5.0/10
Primary Ecosystem: NuGet
Primary Package: UmbracoCms
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.