Vulnerabilities > Umbraco > Umbraco CMS > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-22 | CVE-2024-48926 | Insufficient Session Expiration vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. | 3.1 |
2020-12-30 | CVE-2020-5809 | Cross-site Scripting vulnerability in Umbraco CMS A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. | 3.5 |
2020-12-30 | CVE-2020-5810 | Cross-site Scripting vulnerability in Umbraco CMS A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. | 3.5 |
2018-11-27 | CVE-2018-17256 | Cross-site Scripting vulnerability in Umbraco CMS 7.12.3 Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). | 3.5 |
2017-10-12 | CVE-2017-15279 | Cross-site Scripting vulnerability in Umbraco CMS Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. | 3.5 |