PT-2026-42647 · Nuget · Umbraco Cms
Published
2026-05-21
·
Updated
2026-05-21
CVSS v3.1
4.6
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Impact
Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding.
Patches
This issue has been patched in 17.4.0
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Umbraco Cms