Umbraco · Umbraco · CVE-2025-24012
**Name of the Vulnerable Software and Affected Versions**
Umbraco versions 14.0.0 through 14.3.1
Umbraco versions 15.0.0 through 15.1.1
**Description**
The issue allows authenticated users to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components.
**Recommendations**
For Umbraco versions 14.0.0 through 14.3.1, update to version 14.3.2 to resolve the issue.
For Umbraco versions 15.0.0 through 15.1.1, update to version 15.1.2 to resolve the issue.
As a temporary workaround, consider restricting access to localized backoffice components until a patch is applied.