Umbraco CMS 12.3.6
Approved changes feed: RSS · Atom
cpe:2.3:a:umbraco:umbraco_cms:12.3.6:*:*:*:*:*:*:*
part: a version: 12.3.6 update: *
| Vendor | Umbraco (89be0333-81fe-5eb9-9281-55a77e50e27f) |
|---|---|
| Product | Umbraco Cms (8f213959-af43-58a2-84af-fba3fcb81e76) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/umbraco/umbraco-cms |
purl2cpe | 2026-06-01 10:16:09.897366 |
pkg:nuget/UmbracoCms.Core |
purl2cpe | 2026-06-01 10:16:09.897369 |
pkg:nuget/UmbracoCms.Web |
purl2cpe | 2026-06-01 10:16:09.897370 |
pkg:nuget/umbracoCms |
purl2cpe | 2026-06-01 10:16:09.897367 |
pkg:sourceforge/umbraco |
purl2cpe | 2026-06-01 10:16:09.897372 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-10761 |
vulnerable | 2026-06-08 06:23:47.464708 |
Umbraco CMS Dashboard frame cross site scripting
MEDIUM (4.3)
A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component.
Published: 2024-11-04T05:00:06.691Z
Updated: 2025-01-22T07:47:21.294Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.