CVE-2025-23041

Medium

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer…

GitHub_M·CWE-20·Published 2025-01-14

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

345 chars

Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

NVDen

345 chars

OSV.deven

189 chars

### Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. ### Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2

GHSAen

189 chars

### Impact Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. ### Patches Patched in 8.13.16, 10.5.7, 13.2.2, 14.1.2

NVDes

419 chars

Umbraco.Forms es un formulario web Framework escrito para el ecosistema NuGet. Los límites de caracteres configurados por los editores para los campos de respuesta cortos y largos se validan solo en el lado del cliente, no en el lado del servidor. Este problema se ha corregido en las versiones 8.13.16, 10.5.7, 13.2.2 y 14.1.2. Se recomienda a los usuarios que actualicen. No se conocen Workarounds para este problema.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.1	Primary	cve.org	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3.1	Secondary	GHSA	5.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
3.1	Secondary	NVD	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L