Vulnerabilities > Umbraco > Umbraco CMS > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-49273 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
5.4
5.4
2023-12-12 CVE-2023-48313 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
6.1
6.1
2023-12-12 CVE-2023-38694 Cross-site Scripting vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-79
5.4
5.4
2023-12-12 CVE-2023-48227 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system (CMS).
network
low complexity
umbraco CWE-863
4.3
4.3
2021-06-28 CVE-2021-34254 Open Redirect vulnerability in Umbraco CMS
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
network
low complexity
umbraco CWE-601
6.1
6.1
2020-12-30 CVE-2020-5811 Path Traversal vulnerability in Umbraco CMS
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
network
low complexity
umbraco CWE-22
6.5
6.5
2020-12-30 CVE-2020-5810 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
low complexity
umbraco CWE-79
5.4
5.4
2020-12-30 CVE-2020-5809 Cross-site Scripting vulnerability in Umbraco CMS
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current.
network
low complexity
umbraco CWE-79
5.4
5.4
2020-12-02 CVE-2020-29454 Incorrect Authorization vulnerability in Umbraco CMS
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
network
low complexity
umbraco CWE-863
4.3
4.3
2020-03-16 CVE-2020-9472 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
network
low complexity
umbraco CWE-434
6.5
6.5