Improper Input Validation Affecting umbraco.forms package, versions [,10.5.7), [11.0.0-rc1,13.2.2), [14.0.0-beta00,14.1.2)


Severity: medium

CVSS assessment by Snyk's Security Team.

Threat Intelligence

EPSS
0.36% (28th percentile)

  • Snyk ID: SNYK-DOTNET-UMBRACOFORMS-8623547
  • Published: 15 Jan 2025
  • Disclosed: 14 Jan 2025
  • Credit: RGV2ZWxvcGVy

Introduced: 14 Jan 2025

CVE-2025-23041
CWE-20

How to fix?

Upgrade Umbraco.Forms to version 10.5.7, 13.2.2, 14.1.2 or higher.

Overview

Umbraco.Forms is a form creator that's easy to use.

Affected versions of this package are vulnerable to Improper Input Validation due to the lack of server-side validation for character limits in short and long answer fields. An attacker can bypass client-side validations and submit excessively long inputs by crafting malicious input that exceeds the expected field length.
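The following sketch shows the kind of server-side length check whose absence is described above. It is an added example, not Umbraco.Forms code: `TextField`, `SubmissionValidator` and the field aliases are hypothetical, and it assumes the client-side limit behaves like the HTML `maxlength` attribute, which counts UTF-16 code units and treats a line break as one character.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; these are not Umbraco.Forms APIs.
public sealed record TextField(string Alias, int? MaximumLength);

public static class SubmissionValidator
{
    // The limit is read from the server-side form definition, never from the request.
    public static List<string> Validate(
        IEnumerable<TextField> definition, IReadOnlyDictionary<string, string> posted)
    {
        var errors = new List<string>();
        foreach (var field in definition)
        {
            if (field.MaximumLength is not int max) continue;   // no limit configured
            if (!posted.TryGetValue(field.Alias, out var value) || string.IsNullOrEmpty(value))
                continue;
            // Multi-line answers arrive with CRLF line breaks; count each as one
            // character so input that passed the client-side limit is not rejected.
            int length = value.Length - CountCrLf(value);
            if (length > max)
                errors.Add($"{field.Alias}: {length} characters exceeds limit of {max}");
        }
        return errors;
    }

    private static int CountCrLf(string s)
    {
        int n = 0;
        for (int i = s.IndexOf("\r\n", StringComparison.Ordinal); i >= 0;
             i = s.IndexOf("\r\n", i + 2, StringComparison.Ordinal))
            n++;
        return n;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed form definition and submission.
        var definition = new[] { new TextField("shortAnswer", 10), new TextField("longAnswer", 17) };
        var posted = new Dictionary<string, string>
        {
            ["shortAnswer"] = new string('A', 5000),  // sent without the client-side check
            ["longAnswer"] = "line one\r\nline two",  // 17 characters when CRLF counts as one
        };
        foreach (var error in SubmissionValidator.Validate(definition, posted))
            Console.WriteLine(error);                 // only shortAnswer is reported
    }
}
```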
