Vulnerabilities > Umbraco > Umbraco CMS > 8.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-49274 | Information Exposure vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.3 |
2023-12-12 | CVE-2023-49278 | Improper Restriction of Excessive Authentication Attempts vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.3 |
2023-12-12 | CVE-2023-49279 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.4 |
2023-12-12 | CVE-2023-49089 | Path Traversal vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 6.5 |
2023-12-12 | CVE-2023-49273 | Incorrect Authorization vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.4 |
2023-12-12 | CVE-2023-38694 | Cross-site Scripting vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 5.4 |
2023-12-12 | CVE-2023-48227 | Incorrect Authorization vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system (CMS). | 4.3 |
2022-01-18 | CVE-2022-22690 | HTTP Request Smuggling vulnerability in Umbraco CMS Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. | 5.0 |
2022-01-18 | CVE-2022-22691 | HTTP Request Smuggling vulnerability in Umbraco CMS The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. | 4.3 |
2020-12-30 | CVE-2020-5811 | Path Traversal vulnerability in Umbraco CMS An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | 4.0 |