Vulnerabilities > Umbraco > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-10-12 CVE-2017-15279 Cross-site Scripting vulnerability in Umbraco CMS
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
network
low complexity
umbraco CWE-79
5.4
5.4
2017-03-03 CVE-2015-8815 Cross-site Scripting vulnerability in Umbraco
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
network
low complexity
umbraco CWE-79
6.1
6.1