Vulnerabilities > CVE-2017-15280 - XXE vulnerability in Umbraco CMS

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
umbraco
CWE-611
NVD
Published: 2017-10-12
Updated: 2017-10-25

Summary

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.

Vulnerable Configurations

Part Description Count
Application
Umbraco
135

Common Weakness Enumeration (CWE)

References