How severe is CVE-2024-48927?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-48927?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-48927 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode. Versions 13.5.2, 10.8,7, and 8.18.15 contain a patch for the issue. As a workaround, derver-side file validation is available to strip script tags from file's content during the file upload process.

Related Vulnerabilities

CVE-2019-4216

MEDIUM

CVSS:4.6(Medium)

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187.

CWE-742019

CVE-2021-29676

MEDIUM

CVSS:4.6(Medium)

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this...

CWE-742021

CVE-2018-1474

MEDIUM

CVSS:4.7(Medium)

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit t...

CWE-742018

CVE-2020-15187

MEDIUM

CVSS:4.7(Medium)

In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an at...

CWE-742020

CVE-2020-4027

MEDIUM

CVSS:4.7(Medium)

Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vuln...

CWE-742020

CVE-2023-30609

MEDIUM

CVSS:4.7(Medium)

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search resu...

CWE-742023