Vulnerabilities > CVE-2017-15280 - XXE vulnerability in Umbraco CMS

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
umbraco
CWE-611
NVD
Published: 2017-10-12
Updated: 2024-11-21

Summary

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.

Vulnerable Configurations

Part Description Count
Application
Umbraco
142

Common Weakness Enumeration (CWE)

References