Vulnerabilities > Umbraco > Umbraco CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-12 | CVE-2017-15279 | Cross-site Scripting vulnerability in Umbraco CMS Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. | 3.5 |
| 2014-12-27 | CVE-2013-4793 | Improper Authentication vulnerability in Umbraco CMS The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. | 7.5 |