Lucene search
HistoryMay 18, 2023 - 7:15 a.m.
CVE-2019-25137
umbraco
cms
remote code execution
cve-2019-25137
nvd
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.028 Low
EPSS
Percentile
90.6%
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
Affected configurations
Node
umbracoumbraco_cmsRange4.11.8–7.15.10
| CPE | Name | Operator | Version |
|---|---|---|---|
| umbraco:umbraco_cms | umbraco umbraco cms | le | 7.15.10 |
Related
cvelist
cvelist
CVE-2019-25137
2023-05-18 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2023-05-21 06:32:07
nvd
nvd
CVE-2019-25137
2023-05-18 07:15:08
prion
prion
Remote code execution
2023-05-18 07:15:00
osv
osv
CVE-2019-25137
2023-05-18 07:15:08
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
High
0.028 Low
EPSS
Percentile
90.6%
Related for CVE-2019-25137