GHSA-xxc6-35r7-796w

GitHub Security Advisory

Possible injection of HTML into user invite mails

✓ GitHub Reviewed LOW Has CVE

Advisory Details

#### Impact
A user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended.

#### Explanation of the vulnerability
A person with access to the backoffice and the "users" section could send a user invite and inject HTML code into the invite message.

Affected Packages

NuGet Umbraco.CMS
Affected versions: 8.0.0 (fixed in 8.18.10)
NuGet Umbraco.CMS
Affected versions: 9.0.0 (fixed in 10.7.0)
NuGet Umbraco.CMS
Affected versions: 11.0.0 (fixed in 12.1.0)

Key Information

GHSA ID: GHSA-xxc6-35r7-796w
Published: December 13, 2023 1:17 PM
Last Modified: January 12, 2024 4:27 PM
CVSS Score: 2.5/10
Primary Ecosystem: NuGet
Primary Package: Umbraco.CMS
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.