Description
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-1777 | Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
Github GHSA |
GHSA-rpj9-xjwm-wr6w | Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality |
References
History
No history.
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-19T19:02:57.975Z
Reserved: 2024-05-14T15:39:41.786Z
Link: CVE-2024-35240
Updated: 2024-08-02T03:07:46.827Z
Status : Deferred
Published: 2024-05-28T21:16:31.393
Modified: 2026-06-17T07:34:36.480
Link: CVE-2024-35240
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA