Vulnerabilities > Umbraco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-38694 | Unspecified vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.4 |
| 2023-12-12 | CVE-2023-48227 | Unspecified vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 4.3 |
| 2023-07-13 | CVE-2023-37267 | Unspecified vulnerability in Umbraco CMS Umbraco is a ASP.NET CMS. | 9.8 |
| 2023-06-09 | CVE-2023-32312 | Unspecified vulnerability in Umbraco Identity Extensibility 1.0.0/1.0.1/2.0.0 UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. | 5.3 |
| 2023-05-18 | CVE-2019-25137 | XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. | 7.2 |
| 2023-02-24 | CVE-2021-33224 | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco Forms 8.7.0 File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | 9.8 |
| 2022-01-18 | CVE-2022-22690 | HTTP Request Smuggling vulnerability in Umbraco CMS Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. | 7.5 |
| 2022-01-18 | CVE-2022-22691 | HTTP Request Smuggling vulnerability in Umbraco CMS The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. | 7.4 |
| 2021-08-25 | CVE-2021-37334 | Unspecified vulnerability in Umbraco Forms Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. | 9.8 |
| 2021-06-28 | CVE-2021-34254 | Open Redirect vulnerability in Umbraco CMS Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. | 6.1 |