Vulnerabilities > Umbraco > Umbraco CMS > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-47819 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0.
network
low complexity
umbraco CWE-79
8.7
2023-05-18 CVE-2019-25137 XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
network
low complexity
umbraco CWE-91
7.2
2022-01-18 CVE-2022-22690 HTTP Request Smuggling vulnerability in Umbraco CMS
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site.
network
low complexity
umbraco CWE-444
7.5
2022-01-18 CVE-2022-22691 HTTP Request Smuggling vulnerability in Umbraco CMS
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL.
network
low complexity
umbraco CWE-444
7.4
2020-03-16 CVE-2020-9471 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
network
low complexity
umbraco CWE-434
8.8