Vulnerabilities > Umbraco > Low

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-48926 Insufficient Session Expiration vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15.
network
high complexity
umbraco CWE-613
3.1
2020-12-30 CVE-2020-5809 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
umbraco CWE-79
3.5
2020-12-30 CVE-2020-5810 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
umbraco CWE-79
3.5
2018-11-27 CVE-2018-17256 Cross-site Scripting vulnerability in Umbraco CMS 7.12.3
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.).
network
umbraco CWE-79
3.5
2017-10-12 CVE-2017-15279 Cross-site Scripting vulnerability in Umbraco CMS
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
network
umbraco CWE-79
3.5