CVE-2024-10761: 
C# vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Umbraco CMS versions up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. The vulnerability affects the Dashboard component, specifically in the file path '/Umbraco/preview/frame?id{}' where manipulation of the 'culture' parameter can lead to cross-site scripting attacks (NIST NVD, GitHub Advisory).

The vulnerability exists in the preview functionality of Umbraco CMS where the 'culture' parameter in the URL path '/umbraco/preview/frame?id{}&culture=en-US' is not properly sanitized. The issue has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires low attack complexity and user interaction for exploitation (NIST NVD).

When exploited, this vulnerability allows authenticated users to execute cross-site scripting attacks when viewing previewed content. The impact primarily affects the integrity of the system with a low severity rating, while there is no direct impact on confidentiality or availability (GitHub Advisory).

The vulnerability has been patched in Umbraco CMS versions 10.8.8, 13.5.3, 14.3.2, and 15.1.2. Users are strongly recommended to upgrade to these patched versions as no alternative workarounds are available (GitHub Advisory).