Description
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-05-28
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-1777 Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Github GHSA Github GHSA GHSA-rpj9-xjwm-wr6w Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
History

No history.

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-19T19:02:57.975Z

Reserved: 2024-05-14T15:39:41.786Z

Link: CVE-2024-35240

cve-icon Vulnrichment

Updated: 2024-08-02T03:07:46.827Z

cve-icon NVD

Status : Deferred

Published: 2024-05-28T21:16:31.393

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-35240

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses