Vulnerabilities > Umbraco > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-47819 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0.
network
low complexity
umbraco CWE-79
8.7
2023-05-18 CVE-2019-25137 XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
network
low complexity
umbraco CWE-91
7.2
2020-07-28 CVE-2020-7685 Insecure Default Initialization of Resource vulnerability in Umbraco Forms
This affects all versions of package UmbracoForms.
network
low complexity
umbraco CWE-1188
7.5
2019-10-02 CVE-2019-13957 SQL Injection vulnerability in Umbraco 7.3.8
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
network
low complexity
umbraco CWE-89
7.5
2018-08-27 CVE-2014-10074 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
network
low complexity
umbraco CWE-434
7.5
2017-04-13 CVE-2012-1301 Improper Input Validation vulnerability in Umbraco CMS 4.7.0
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
network
low complexity
umbraco CWE-20
7.5
2014-12-27 CVE-2013-4793 Improper Authentication vulnerability in Umbraco CMS
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
network
low complexity
umbraco CWE-287
7.5