Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Moderate severity
GitHub Reviewed
Published
May 28, 2024
in
umbraco/Umbraco.Commerce.Issues
•
Updated Jun 5, 2024
Package
Affected versions
>= 12.0.0, < 12.1.4
< 10.0.5
Patched versions
12.1.4
10.0.5
Description
Published by the National Vulnerability Database
May 28, 2024
Published to the GitHub Advisory Database
May 28, 2024
Reviewed
May 28, 2024
Last updated
Jun 5, 2024
Credits
-
RaphaelCSSilva Reporter
Impact
Stored Cross-site scripting (XSS) enable attackers to inject malicious code into Print Functionality
Patches
12.1.4, 10.0.5
References
https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023
References