Miggo Logo

CVE-2023-49279: Stored XSS via SVG File Upload

5.4

CVSS Score
3.1

Basic Information

EPSS Score
0.6253%
Published
12/13/2023
Updated
12/13/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
Umbraco.CMSnuget>= 7.0.0, < 7.15.117.15.11
Umbraco.CMSnuget>= 8.0.0, < 8.18.98.18.9
Umbraco.CMSnuget>= 9.0.0, < 10.7.010.7.0
Umbraco.CMSnuget>= 11.0.0, < 11.5.011.5.0
Umbraco.CMSnuget>= 12.0.0, < 12.2.012.2.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

#### Imp**t * us*r wit* ****ss to t** ***ko**i** **n uplo** SV* *il*s t**t in*lu** s*ripts. I* t** us*r **n tri*k *not**r us*r to lo** t** m**i* *ir**tly in * *rows*r, t** s*ripts **n ** *x**ut**. #### Work*roun* Impl*m*nt t** s*rv*r si** *il* v*li*

Reasoning

No *n*lysis *v*il**l*