Vulnerabilities > Umbraco > Umbraco CMS > 8.18.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-48926 | Insufficient Session Expiration vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. | 3.1 |
2024-10-22 | CVE-2024-48927 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. | 4.6 |
2024-05-21 | CVE-2024-34071 | Open Redirect vulnerability in Umbraco CMS Umbraco is an ASP.NET CMS used by more than 730.000 websites. | 6.1 |
2024-05-21 | CVE-2024-35218 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. | 4.8 |
2022-01-18 | CVE-2022-22690 | HTTP Request Smuggling vulnerability in Umbraco CMS Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. | 7.5 |
2022-01-18 | CVE-2022-22691 | HTTP Request Smuggling vulnerability in Umbraco CMS The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. | 7.4 |