Persistent Cross-Site Scripting (XSS) Vulnerability in Umbraco CMS 7.12.3 via Header Name Injection

Persistent Cross-Site Scripting (XSS) Vulnerability in Umbraco CMS 7.12.3 via Header Name Injection

CVE-2018-17256 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.

Learn more about our Web App Pen Testing.