cvedb.io
CVE-2024-47819
MEDIUM · CVSS 4.2
EPSS exploitation probability: 0%
Published 2024-10-22T16:15:07.500 · Last modified 2026-06-17T07:57:48.680

Summary

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users.

Affected products

umbraco — umbraco_cms

Does this affect you?

Add your gear to cvedb and we'll alert you only when umbraco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.