Vulnerabilities > Umbraco > Umbraco CMS

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2021-34254 Open Redirect vulnerability in Umbraco CMS
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
network
low complexity
umbraco CWE-601
6.1
6.1
2020-12-30 CVE-2020-5811 Path Traversal vulnerability in Umbraco CMS
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
network
low complexity
umbraco CWE-22
6.5
6.5
2020-12-30 CVE-2020-5810 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
low complexity
umbraco CWE-79
5.4
5.4
2020-12-30 CVE-2020-5809 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
low complexity
umbraco CWE-79
5.4
5.4
2020-12-02 CVE-2020-29454 Incorrect Authorization vulnerability in Umbraco CMS
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
network
low complexity
umbraco CWE-863
4.3
4.3
2020-03-16 CVE-2020-9472 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
network
low complexity
umbraco CWE-434
6.5
6.5
2020-03-16 CVE-2020-9471 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
network
low complexity
umbraco CWE-434
8.8
8.8
2020-01-23 CVE-2020-7210 Cross-Site Request Forgery (CSRF) vulnerability in Umbraco CMS 8.2.2
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
network
low complexity
umbraco CWE-352
4.3
4.3
2018-11-27 CVE-2018-17256 Cross-site Scripting vulnerability in Umbraco CMS 7.12.3
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.).
network
low complexity
umbraco CWE-79
4.8
4.8
2018-08-27 CVE-2014-10074 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
network
low complexity
umbraco CWE-434
critical
 9.8
9.8