Vulnerabilities > Umbraco

DATE CVE VULNERABILITY TITLE RISK
2021-08-25 CVE-2021-37334 Unspecified vulnerability in Umbraco Forms
A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.
network
umbraco
6.8
2021-06-28 CVE-2021-34254 Open Redirect vulnerability in Umbraco CMS
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
network
umbraco CWE-601
5.8
2020-12-30 CVE-2020-5811 Path Traversal vulnerability in Umbraco CMS
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
network
low complexity
umbraco CWE-22
4.0
2020-12-30 CVE-2020-5810 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
umbraco CWE-79
3.5
2020-12-30 CVE-2020-5809 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
umbraco CWE-79
3.5
2020-12-02 CVE-2020-29454 Incorrect Permission Assignment for Critical Resource vulnerability in Umbraco CMS
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
network
low complexity
umbraco CWE-732
4.0
2020-07-28 CVE-2020-7685 Insecure Default Initialization of Resource vulnerability in Umbraco Umbracoforms
This affects all versions of package UmbracoForms.
network
low complexity
umbraco CWE-1188
5.0
2020-03-16 CVE-2020-9472 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
network
low complexity
umbraco CWE-434
4.0
2020-03-16 CVE-2020-9471 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
network
low complexity
umbraco CWE-434
6.5
2020-01-23 CVE-2020-7210 Cross-Site Request Forgery (CSRF) vulnerability in Umbraco CMS 8.2.2
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
network
umbraco CWE-352
4.3