Vulmon
umbraco umbraco cms vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-49279
Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media...
Umbraco Umbraco Cms
4.3
CVSSv3
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
Umbraco Umbraco Cms 8.2.2
4.8
CVSSv3
CVE-2018-17256
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
Umbraco Umbraco Cms 7.12.3
8.8
CVSSv3
CVE-2020-9471
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
Umbraco Umbraco Cms 8.5.3
6.5
CVSSv3
CVE-2020-9472
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Umbraco Umbraco Cms 8.5.3
2 Github repositories
9.8
CVSSv3
CVE-2012-1301
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote malicious users to proxy requests on their behalf via the "url" parameter.
Umbraco Umbraco Cms 4.7.0
NA
CVE-2013-0741
Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen prior to 2.9.0 for Umbraco CMS allows remote malicious users to inject arbitrary web script or HTML via the font parameter.
Percipientstudios Imagen
Percipientstudios Imagen 2.5.6
Percipientstudios Imagen 2.5.5
Percipientstudios Imagen 2.5.3
Percipientstudios Imagen 2.5.1
Percipientstudios Imagen 2.5.4
Percipientstudios Imagen 2.5.2
NA
CVE-2024-29035
Umbraco is an ASP.NET CMS. Logs for failing webhooks are available when the solution is not in debug mode. Those logs can contain critical information. This vulnerability is fixed in 13.1.1.