Vulnerabilities > Umbraco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-47819 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. | 8.7 |
| 2023-05-18 | CVE-2019-25137 | XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. | 7.2 |
| 2022-01-18 | CVE-2022-22690 | HTTP Request Smuggling vulnerability in Umbraco CMS Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. | 7.5 |
| 2022-01-18 | CVE-2022-22691 | HTTP Request Smuggling vulnerability in Umbraco CMS The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. | 7.4 |
| 2020-07-28 | CVE-2020-7685 | Insecure Default Initialization of Resource vulnerability in Umbraco Forms This affects all versions of package UmbracoForms. | 7.5 |
| 2020-03-16 | CVE-2020-9471 | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3 Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. | 8.8 |
| 2017-03-03 | CVE-2015-8814 | Cross-Site Request Forgery (CSRF) vulnerability in Umbraco 7.3.8 Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file. | 8.8 |
| 2017-03-03 | CVE-2015-8813 | Server-Side Request Forgery (SSRF) vulnerability in Umbraco The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | 8.2 |