A medium-severity vulnerability, CVE-2024-48927, affects Umbraco versions 13.x before 13.5.2, 10.x before 10.8.7, and 8.x before 8.18.15. It allows attackers to execute code remotely when Backoffice users “preview” SVG files in full-screen mode. To address this issue, update to version 13.5.2, 10.8.7, or 8.18.15. As a workaround, enable server-side file validation to strip script tags from the content during file uploads. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-48927.
Umbraco: Vulnerability in Scalable Vector Graphics File Preview
by the Hossted team
28.10.2024
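The workaround above, stripping script content from SVG files at upload time, is sketched below as an added example; it is not Umbraco's own validation code and does not use Umbraco APIs. It goes one step beyond script tags by also removing `on*` event-handler attributes and `javascript:` links, and the names `sanitize_svg`, `UnsafeSvg` and `SAMPLE` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

class UnsafeSvg(ValueError):
    """Raised when an upload is rejected instead of cleaned."""

def _local(name: str) -> str:
    # ElementTree spells qualified names "{namespace}local"; keep only the local part.
    return name.rsplit("}", 1)[-1].lower()

def _is_script_url(value: str) -> bool:
    # Browsers ignore whitespace and control characters inside a URL scheme.
    return re.sub(r"[\s\x00-\x1f]+", "", value).lower().startswith("javascript:")

def sanitize_svg(data: bytes) -> bytes:
    """Return the SVG with active content removed, or raise UnsafeSvg."""
    # Reject DTDs: entity declarations enable expansion attacks on the parser.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", data, re.IGNORECASE):
        raise UnsafeSvg("DOCTYPE/ENTITY declarations are not accepted")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise UnsafeSvg(f"not well-formed XML: {exc}") from exc
    if _local(root.tag) != "svg":
        raise UnsafeSvg("root element is not <svg>")
    for element in list(root.iter()):
        # Drop <script> children in any namespace (SVG or embedded XHTML).
        for child in list(element):
            if _local(child.tag) == "script":
                element.remove(child)
        for attr, value in list(element.attrib.items()):
            name = _local(attr)
            if name.startswith("on") or (name == "href" and _is_script_url(value)):
                del element.attrib[attr]
    ET.register_namespace("", SVG_NS)  # serialise without ns0: prefixes
    return ET.tostring(root, encoding="utf-8")

# Constructed sample upload, not taken from the advisory.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>init()</script>
  <a href="javascript:init()"><circle r="5"/></a>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE).decode())
```

Store the returned bytes rather than the original upload, and treat an `UnsafeSvg` exception as a rejected upload.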