Vulnerabilities > Umbraco > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-48313 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
6.1
2023-12-12 CVE-2023-38694 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
5.4
2023-12-12 CVE-2023-48227 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
4.3
2023-06-09 CVE-2023-32312 Unspecified vulnerability in Umbraco Identity Extensibility 1.0.0/1.0.1/2.0.0
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration.
network
low complexity
umbraco
5.3
2022-01-18 CVE-2022-22690 HTTP Request Smuggling vulnerability in Umbraco CMS
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site.
network
low complexity
umbraco CWE-444
5.0
2022-01-18 CVE-2022-22691 HTTP Request Smuggling vulnerability in Umbraco CMS
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.
network
umbraco CWE-444
4.3
2021-06-28 CVE-2021-34254 Open Redirect vulnerability in Umbraco CMS
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
network
umbraco CWE-601
5.8
2020-12-30 CVE-2020-5811 Path Traversal vulnerability in Umbraco CMS
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
network
low complexity
umbraco CWE-22
4.0
2020-12-02 CVE-2020-29454 Incorrect Permission Assignment for Critical Resource vulnerability in Umbraco CMS
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
network
low complexity
umbraco CWE-732
4.0
2020-03-16 CVE-2020-9472 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
network
low complexity
umbraco CWE-434
4.0