PT-2023-30776 · Umbraco · Umbraco

Raphael · Published 2023-12-12 · Updated 2023-12-14 · CVE-2023-48313

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Umbraco versions 10.0.0 through 10.8.0
Umbraco versions 10.8.2 through 12.3.3 (version 10.8.1 is not affected, but versions prior to 12.3.4 are affected)

Description

The issue is a DOM-based cross-site scripting (XSS) vulnerability that allows attackers to bring malicious content into a website or application. It can be exploited when users successfully log in to the Backoffice.

Recommendations

For Umbraco versions 10.0.0 through 10.8.0, update to version 10.8.1 to resolve the issue. For Umbraco versions 10.8.2 through 12.3.3, update to version 12.3.4 to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-48313
GHSA-V98M-398X-269R

Affected Products

Umbraco