Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Umbraco.Forms@13.0.0

Type nuget

Namespace

Name Umbraco.Forms

Version 13.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-akcr-kfkq-gbhg

vulnerability_id VCID-akcr-kfkq-gbhg

summary Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of the patched versions (13.0.1, 12.2.2, 10.5.3, 8.13.13).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35239

reference_id

reference_type

scores

value	0.00568
scoring_system	epss
scoring_elements	0.69107
published_at	2026-06-12T12:55:00Z

value	0.00568
scoring_system	epss
scoring_elements	0.69014
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35239

reference_url

https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes#version-8

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes#version-8

reference_url

https://github.com/umbraco/Umbraco.Forms.Issues

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/umbraco/Umbraco.Forms.Issues

reference_url

https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values

reference_id

configuration#editing-configuration-values

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:41:29Z/

url

https://docs.umbraco.com/umbraco-forms/developer/configuration#editing-configuration-values

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-35239

reference_id

CVE-2024-35239

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-35239

reference_url

https://github.com/advisories/GHSA-p572-p2rj-q5f4

reference_id

GHSA-p572-p2rj-q5f4

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p572-p2rj-q5f4

reference_url

https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4

reference_id

GHSA-p572-p2rj-q5f4

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:41:29Z/

url

https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-p572-p2rj-q5f4

reference_url

https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes

reference_id

release-notes

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:41:29Z/

url

https://docs.umbraco.com/umbraco-forms/v/10.forms.latest/release-notes

reference_url

https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024

reference_id

release-notes#id-12.2.2-january-16th-2024

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:41:29Z/

url

https://docs.umbraco.com/umbraco-forms/v/12.forms.latest/release-notes#id-12.2.2-january-16th-2024

reference_url

https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024

reference_id

release-notes#id-13.0.1-january-16th-2024

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T20:41:29Z/

url

https://docs.umbraco.com/umbraco-forms/release-notes#id-13.0.1-january-16th-2024

fixed_packages

url	pkg:nuget/Umbraco.Forms@13.0.1
purl	pkg:nuget/Umbraco.Forms@13.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:nuget/Umbraco.Forms@13.0.1

aliases CVE-2024-35239, GHSA-p572-p2rj-q5f4

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akcr-kfkq-gbhg

Fixing_vulnerabilities

Risk_score 1.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Umbraco.Forms@13.0.0

Package Instance