Vulnerabilities > Umbraco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-49273 | Incorrect Authorization vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.4 |
| 2023-12-12 | CVE-2023-48313 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 6.1 |
| 2023-12-12 | CVE-2023-38694 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.4 |
| 2023-12-12 | CVE-2023-48227 | Incorrect Authorization vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 4.3 |
| 2023-06-09 | CVE-2023-32312 | Unspecified vulnerability in Umbraco Identity Extensibility 1.0.0/1.0.1/2.0.0 UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. | 5.3 |
| 2021-06-28 | CVE-2021-34254 | Open Redirect vulnerability in Umbraco CMS Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. | 6.1 |
| 2020-12-30 | CVE-2020-5811 | Path Traversal vulnerability in Umbraco CMS An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | 6.5 |
| 2020-12-30 | CVE-2020-5810 | Cross-site Scripting vulnerability in Umbraco CMS A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. | 5.4 |
| 2020-12-30 | CVE-2020-5809 | Cross-site Scripting vulnerability in Umbraco CMS A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. | 5.4 |
| 2020-12-02 | CVE-2020-29454 | Incorrect Authorization vulnerability in Umbraco CMS Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. | 4.3 |