Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2025-24012

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 contain a patch.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Umbraco.Cms.StaticAssets 14.0.0 14.3.2
Umbraco.Cms.StaticAssets 15.0.0 15.1.2
@umbraco-cms / backoffice 14.0.0 14.3.2
@umbraco-cms / backoffice 15.0.0 15.1.2
umbraco / umbraco_cms 15.0.0 15.1.2
umbraco / umbraco_cms 14.0.0 14.3.2