CVE-2024-35239

LOW Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-79
View all →

Vulnerability Description

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13).

Related Vulnerabilities

CVE-2016-0370

LOW
CVSS:2.7(Low)

Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an a...

CWE-792016

CVE-2018-0532

LOW
CVSS:2.7(Low)

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.

CWE-792018

CVE-2022-4617

LOW
CVSS:2.7(Low)

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.

CWE-792022

CVE-2023-5896

LOW
CVSS:2.7(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.

CWE-792023

CVE-2023-5903

LOW
CVSS:2.7(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CWE-792023

CVE-2023-5904

LOW
CVSS:2.7(Low)

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

CWE-792023