Vulnerabilities > Umbraco > Umbraco CMS > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-47819 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0.
network
low complexity
umbraco CWE-79
8.7
2023-05-18 CVE-2019-25137 XML Injection (aka Blind XPath Injection) vulnerability in Umbraco CMS
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
network
low complexity
umbraco CWE-91
7.2
2018-08-27 CVE-2014-10074 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
network
low complexity
umbraco CWE-434
7.5
2014-12-27 CVE-2013-4793 Improper Authentication vulnerability in Umbraco CMS
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
network
low complexity
umbraco CWE-287
7.5