Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-rpj9-xjwm-wr6w

GitHub Security Advisory

Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
Stored Cross-site scripting (XSS) enable attackers to inject malicious code into Print Functionality

### Patches
12.1.4, 10.0.5

### References
https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023

Affected Packages

NuGet Umbraco.Commerce
Affected versions: 12.0.0 (fixed in 12.1.4)
NuGet Umbraco.Commerce
Affected versions: 0 (fixed in 10.0.5)

Related CVEs

CVE-2024-35240

Key Information

GHSA ID
GHSA-rpj9-xjwm-wr6w
Published
May 28, 2024 9:18 PM
Last Modified
June 3, 2024 6:29 PM
CVSS Score
5.0 /10
Primary Ecosystem
NuGet
Primary Package
Umbraco.Commerce
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 15, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.