Vulnerability Description
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Umbraco | Umbraco CMS | <= 7.7.2 |
Related Weaknesses (CWE)
References
- http://issues.umbraco.org/issue/U4-10497 (Patch, Vendor Advisory)
- https://github.com/umbraco/Umbraco-CMS/commit/fe2b86b681455ac975b294652064b2718d (Patch, Third Party Advisory)
FAQ
What is CVE-2017-15279?
CVE-2017-15279 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of ...
How severe is CVE-2017-15279?
CVE-2017-15279 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-15279?
Check the references section above for vendor advisories and patch information. Affected products include: Umbraco CMS.