cvedb.io
CVE-2025-24012
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2025-01-21T16:15:14.923 · Last modified 2026-06-17T08:57:53.230

Summary

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.

Affected products

umbraco — umbraco_cms

Does this affect you?

Add your gear to cvedb and we'll alert you only when umbraco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.