CVE-2024-48927: 
C# vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2024-48927) was discovered in Umbraco, a free and open source .NET content management system. The vulnerability affects versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The issue allows potential code execution for Backoffice users when they 'preview' SVG files in full screen mode (Vendor Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is unchanged, with low impact on confidentiality and integrity, and no impact on availability (NVD).

The vulnerability allows potential code execution through SVG file preview functionality in the Umbraco backoffice. This could lead to unauthorized code execution when users preview SVG files in full screen mode, potentially compromising the security of the affected system (Vendor Advisory).

The vulnerability has been patched in versions 13.5.2, 10.8.7, and 8.18.15. As a workaround, server-side file validation is available to strip script tags from file's content during the file upload process (Vendor Advisory).