Stored XSS on Print Functionality

Moderate

netcamo published GHSA-rpj9-xjwm-wr6w

May 28, 2024

Package

Umbraco.Commerce (NuGet)

Affected versions

<12.1.4, <10.0.5

Patched versions

12.1.4, 10.0.5

Description

Impact

Stored Cross-site scripting (XSS) enable attackers to inject malicious code into Print Functionality

Patches

12.1.4, 10.0.5

References

https://docs.umbraco.com/umbraco-commerce/release-notes#id-13.0.0-december-13th-2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N