Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
umbraco umbraco cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-4793
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS prior to 6.0.4 does not require authentication, which allows remote malicious users to execute arbitrary ASP.NET code via a crafted SOAP request.
Umbraco Umbraco Cms
3.5
CVSSv2
CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
Umbraco Umbraco Cms 7.12.3
4.3
CVSSv2
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
Umbraco Umbraco Cms 8.2.2
4
CVSSv2
CVE-2020-9472
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Umbraco Umbraco Cms 8.5.3
2 Github repositories
7.5
CVSSv2
CVE-2012-1301
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote malicious users to proxy requests on their behalf via the "url" parameter.
Umbraco Umbraco Cms 4.7.0
6.5
CVSSv2
CVE-2020-9471
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
Umbraco Umbraco Cms 8.5.3
NA
CVE-2024-34071
Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in vers...
4.3
CVSSv2
CVE-2013-0741
Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen prior to 2.9.0 for Umbraco CMS allows remote malicious users to inject arbitrary web script or HTML via the font parameter.
Percipientstudios Imagen
Percipientstudios Imagen 2.5.6
Percipientstudios Imagen 2.5.5
Percipientstudios Imagen 2.5.3
Percipientstudios Imagen 2.5.1
Percipientstudios Imagen 2.5.4
Percipientstudios Imagen 2.5.2
NA
CVE-2024-29035
Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.
NA
CVE-2024-35218
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7,...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3