Vulnerabilities > Umbraco > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-09 CVE-2023-32312 Unspecified vulnerability in Umbraco Identity Extensibility 1.0.0/1.0.1/2.0.0
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration.
network
low complexity
umbraco
5.3
5.3
2021-06-28 CVE-2021-34254 Open Redirect vulnerability in Umbraco CMS
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
network
low complexity
umbraco CWE-601
6.1
6.1
2020-12-30 CVE-2020-5811 Path Traversal vulnerability in Umbraco CMS
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
network
low complexity
umbraco CWE-22
6.5
6.5
2020-12-30 CVE-2020-5810 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
low complexity
umbraco CWE-79
5.4
5.4
2020-12-30 CVE-2020-5809 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
low complexity
umbraco CWE-79
5.4
5.4
2020-12-02 CVE-2020-29454 Incorrect Authorization vulnerability in Umbraco CMS
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
network
low complexity
umbraco CWE-863
4.3
4.3
2020-03-16 CVE-2020-9472 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
network
low complexity
umbraco CWE-434
6.5
6.5
2020-01-23 CVE-2020-7210 Cross-Site Request Forgery (CSRF) vulnerability in Umbraco CMS 8.2.2
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
network
low complexity
umbraco CWE-352
4.3
4.3
2018-11-27 CVE-2018-17256 Cross-site Scripting vulnerability in Umbraco CMS 7.12.3
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.).
network
low complexity
umbraco CWE-79
4.8
4.8
2017-10-12 CVE-2017-15280 XXE vulnerability in Umbraco CMS
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
local
low complexity
umbraco CWE-611
5.5
5.5