Vulnerabilities > Umbraco > Umbraco CMS > 8.18.10

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-48926 Insufficient Session Expiration vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15.
network
high complexity
umbraco CWE-613
3.1
3.1
2024-10-22 CVE-2024-48927 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15.
network
low complexity
umbraco CWE-79
4.6
4.6
2024-05-21 CVE-2024-34071 Open Redirect vulnerability in Umbraco CMS
Umbraco is an ASP.NET CMS used by more than 730.000 websites.
network
low complexity
umbraco CWE-601
6.1
6.1
2024-05-21 CVE-2024-35218 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites.
network
low complexity
umbraco CWE-79
4.8
4.8
2022-01-18 CVE-2022-22690 HTTP Request Smuggling vulnerability in Umbraco CMS
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site.
network
low complexity
umbraco CWE-444
7.5
7.5
2022-01-18 CVE-2022-22691 HTTP Request Smuggling vulnerability in Umbraco CMS
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.
network
low complexity
umbraco CWE-444
7.4
7.4