Vulnerabilities > Umbraco > Umbraco CMS

DATE CVE VULNERABILITY TITLE RISK
2017-10-12 CVE-2017-15279 Cross-site Scripting vulnerability in Umbraco CMS
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
network
umbraco CWE-79
3.5
2014-12-27 CVE-2013-4793 Improper Authentication vulnerability in Umbraco CMS
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
network
low complexity
umbraco CWE-287
7.5