Umbraco · Umbraco Cms · CVE-2019-25137
**Name of the Vulnerable Software and Affected Versions**
Umbraco CMS versions 4.11.8 through 7.15.10
Umbraco CMS version 7.12.4
**Description**
The issue allows remote code execution by authenticated administrators via an `msxsl:script` element in an `xsltSelection` sent to "developer/Xslt/xsltVisualize.aspx".
**Recommendations**
For Umbraco CMS versions 4.11.8 through 7.15.10, consider disabling access to "developer/Xslt/xsltVisualize.aspx" until a patch is available.
For Umbraco CMS version 7.12.4, restrict the use of `msxsl:script` in `xsltSelection` to minimize the risk of exploitation.
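
To check whether the page named above is still being requested once access to it has been restricted, IIS logs can be searched for it. The following is an added example, not part of the original advisory or of Umbraco's code; it assumes W3C-format IIS logs, and the sample log lines, usernames and the `/umbraco/` URL prefix are constructed for illustration.

```python
# Added example: flag requests to the XSLT visualizer page in IIS W3C logs.
TARGET = "developer/xslt/xsltvisualize.aspx"  # path named in the advisory, lowercased

# Constructed sample log (documentation IP range, made-up usernames,
# assumed /umbraco/ prefix).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 09:14:02 GET /umbraco/default.aspx editor1 192.0.2.10 200
2024-01-10 09:15:40 GET /umbraco/developer/Xslt/xsltVisualize.aspx admin 192.0.2.44 200
2024-01-10 09:15:58 POST /umbraco/Developer/XSLT/xsltVisualize.aspx admin 192.0.2.44 200
2024-01-10 09:16:30 POST /umbraco/default.aspx editor1 192.0.2.10 200
"""

def find_visualizer_hits(lines):
    """Return one dict per request whose cs-uri-stem contains TARGET."""
    fields, hits = [], []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare in lowercase.
        if TARGET in rec.get("cs-uri-stem", "").lower():
            method = rec.get("cs-method", "-")
            hits.append({
                "when": f'{rec.get("date", "-")} {rec.get("time", "-")}',
                "method": method,
                "user": rec.get("cs-username", "-"),
                "client": rec.get("c-ip", "-"),
                "status": rec.get("sc-status", "-"),
                # Request bodies are not logged, so the xsltSelection value
                # is not visible; a POST to the page is the signal to chase.
                "priority": "high" if method == "POST" else "review",
            })
    return hits

if __name__ == "__main__":
    for hit in find_visualizer_hits(SAMPLE_LOG.splitlines()):
        print(hit)
```
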