SecBoard
CVE-2026-46609

MEDIUM (4.6)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Risk Signal Score: 17/100 (LOW)
  • CVSS 4.6: Medium

EPSS Score

0%

Exploit probability (30 days)

CVSS Score

4.6

Technical severity

Description

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0.

GitHub Advisories

GHSA-vr9v-27gg-qgx4 MEDIUM

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

nuget/Umbraco.Cms 17.4.0
GitHub Advisory

References