XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components.
Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components.
This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content.