CVE-2023-48313: 
C# vulnerability analysis and mitigation

Umbraco, an ASP.NET content management system (CMS), was found to contain a cross-site scripting (XSS) vulnerability affecting versions starting from 10.0.0 and prior to versions 10.8.1 and 12.3.4. The vulnerability was discovered and disclosed on December 12, 2023, enabling attackers to inject malicious content into websites or applications built with the affected versions (GitHub Advisory, NVD).

The vulnerability is specifically identified as a DOM-based stored cross-site scripting (XSS) issue that can be exploited when users successfully log into the Backoffice. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating it requires network access, has low attack complexity, needs no privileges, but requires user interaction (GitHub Advisory).

The vulnerability allows attackers to inject and execute malicious content within the context of the affected website or application. This could potentially lead to compromised user interactions and unauthorized modifications to web content (NVD).

The vulnerability has been patched in Umbraco versions 10.8.1 and 12.3.4. Users are advised to upgrade to these or later versions to protect against this security issue (NVD).