Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
umbraco umbraco cms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-9471
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
Umbraco Umbraco Cms 8.5.3
4
CVSSv2
CVE-2020-9472
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Umbraco Umbraco Cms 8.5.3
2 Github repositories
4.3
CVSSv2
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
Umbraco Umbraco Cms 8.2.2
3.5
CVSSv2
CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
Umbraco Umbraco Cms 7.12.3
7.5
CVSSv2
CVE-2014-10074
Umbraco prior to 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
Umbraco Umbraco Cms
3.5
CVSSv2
CVE-2017-15279
Cross-site scripting (XSS) vulnerability in Umbraco CMS prior to 7.7.3 allows remote malicious users to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish....
Umbraco Umbraco Cms
4.3
CVSSv2
CVE-2017-15280
XML external entity (XXE) vulnerability in Umbraco CMS prior to 7.7.3 allows malicious users to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocu...
Umbraco Umbraco Cms
7.5
CVSSv2
CVE-2012-1301
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote malicious users to proxy requests on their behalf via the "url" parameter.
Umbraco Umbraco Cms 4.7.0
7.5
CVSSv2
CVE-2013-4793
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS prior to 6.0.4 does not require authentication, which allows remote malicious users to execute arbitrary ASP.NET code via a crafted SOAP request.
Umbraco Umbraco Cms
4.3
CVSSv2
CVE-2013-0741
Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen prior to 2.9.0 for Umbraco CMS allows remote malicious users to inject arbitrary web script or HTML via the font parameter.
Percipientstudios Imagen 2.5.6
Percipientstudios Imagen 2.5.1
Percipientstudios Imagen 2.5.3
Percipientstudios Imagen 2.5.5
Percipientstudios Imagen 2.5.2
Percipientstudios Imagen
Percipientstudios Imagen 2.5.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3