831 matches found
Umbraco <7.4.0- Server-Side Request Forgery
Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...
CVE-2026-46616
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...
CVE-2026-46609
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
EUVD-2026-36070
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
CVE-2026-46609
CVE-2026-46609 affects Umbraco CMS (ASP.NET). From 14.0.0 up to before 17.4.0, authenticated users can inject HTML into an input field, which is rendered in the backoffice confirmation dialog without proper output encoding, enabling a Cross‑Site Scripting (XSS) vector. The issue is mitigated by u...
CVE-2026-46609 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
CVE-2026-46609 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
CVE-2026-46616 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...
CVE-2026-46616 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...
EUVD-2026-36069
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...
CVE-2026-46616
Umbraco CMS (ASP.NET) contains an Open Redirect vulnerability in Surface Controllers used for member-related operations. Prior to versions 13.14.0 and 17.4.0, redirect URL validation fails for RedirectUrl supplied via user-controlled query parameters, allowing Razor templates to derive RedirectUr...
Umbraco 输入验证错误漏洞
Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco before 13.14.0 and 17.4.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from some Surface controllers failing to validate the redirect...
Umbraco 跨站脚本漏洞
Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 14.0.0 to 17.4.0 had a cross-site scripting vulnerability. This vulnerability allowed authenticated users to inject HTML into input fields, with improperly encoded output i...
Cross-site Scripting (XSS)
Overview @umbraco-cms/backoffice is a This package contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the confirmation dialog element. An attacker can execute arbitrary scripts in the context of the affected application ...
GHSA-VR9V-27GG-QGX4 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...
GHSA-2QJJ-H6WP-C7H7 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the RedirectUrl parameter in UmbLoginStatusController, UmbRegisterController, UmbProfileController controllers. An attacker can redirect users to arbitrary external sites by supplying a crafted URL in user-controlled...
PT-2026-42585
Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...