Vulnerabilities > Umbraco > Umbraco CMS

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-49279 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
5.4
2023-12-12 CVE-2023-49089 Path Traversal vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-22
6.5
2023-12-12 CVE-2023-49273 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
5.4
2023-12-12 CVE-2023-48313 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
6.1
2023-12-12 CVE-2023-38694 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
5.4
2023-12-12 CVE-2023-48227 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
4.3
2023-07-13 CVE-2023-37267 Unspecified vulnerability in Umbraco CMS
Umbraco is a ASP.NET CMS.
network
low complexity
umbraco
critical
9.8
2023-05-18 CVE-2019-25137 XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
network
low complexity
umbraco CWE-91
7.2
2022-01-18 CVE-2022-22690 HTTP Request Smuggling vulnerability in Umbraco CMS
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site.
network
low complexity
umbraco CWE-444
7.5
2022-01-18 CVE-2022-22691 HTTP Request Smuggling vulnerability in Umbraco CMS
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.
network
low complexity
umbraco CWE-444
7.4