Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 18/05/2023 Updated: 26/05/2023

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 0

Umbraco CMS 4.11.8 up to and including 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

Vulnerable Product	Search on Vulmon	Subscribe to Product
umbraco umbraco cms

A writeup investigating the full extent of CVE-2019-25137

CVE-2019-25137 Affected Version Research CVE-2019-25137 Overview CVE-2019-25137 is a XSLT injection vulnerability in Umbraco CMS The vulnerability is present in the XSLT (Extensive Stylesheet Language Transformations) Visualizer webpage The vulnerable URI for this webpage is /umbraco/developer/Xslt/xsltVisualizeaspx Successful exploitation of the XSLT Visualizer can resul

CWE-91 https://www.exploit-db.com/exploits/46153 https://github.com/noraj/Umbraco-RCE https://0xdf.gitlab.io/2020/09/05/htb-remote.html https://github.com/Ickarah/CVE-2019-25137-Version-Research https://nvd.nist.gov https://github.com/Ickarah/CVE-2019-25137-Version-Research

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-25137

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect