GHSA-c5g6-6xf7-qxp3

GitHub Security Advisory

Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
This stored XSS can be leveraged to gain access to higher-privilege endpoints. For example, if a user with admin privileges runs the injected code, it can potentially elevate all users and grant them admin privileges, or access protected content.

### Patches
Will be patched in 14.3.1 and 15.0.0.

### Workarounds
Ensure that access to the Dictionary section is only granted to trusted users.

Affected Packages

NuGet Umbraco.Cms.StaticAssets
Affected versions: 14.0.0 (fixed in 14.3.1)
npm @umbraco-cms/backoffice
Affected versions: 14.0.0 (fixed in 14.3.1)

Key Information

GHSA ID: GHSA-c5g6-6xf7-qxp3
Published: October 22, 2024 5:50 PM
Last Modified: October 22, 2024 7:22 PM
CVSS Score: 5.0/10
Primary Ecosystem: NuGet
Primary Package: Umbraco.Cms.StaticAssets
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.