12 matches found

GitHub Security Blog
added 2026/05/21 8:43 p.m. | 11 views

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Impact: Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches: This issue has been patched in 17.4.0...

5.7 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2026/05/21 8:43 p.m. | 7 views

Cross-site Scripting (XSS)

Overview: @umbraco-cms/backoffice is a package that contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the confirmation dialog element. An attacker can execute arbitrary scripts in the context of the affected application ...

4.8 CVSS | 5.8 AI score
Exploits: 0 | References: 2

OSV
added 2026/05/21 8:43 p.m. | 4 views

GHSA-VR9V-27GG-QGX4 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Impact: Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches: This issue has been patched in 17.4.0...

4.6 CVSS | 5.7 AI score
Exploits: 0 | References: 2

Snyk
added 2026/03/11 12:37 a.m. | 1 view

Cross-site Scripting (XSS)

Overview: @umbraco-cms/backoffice is a package that contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the UFM rendering pipeline. An attacker can execute arbitrary scripts in the context of authenticated users by injecti...

8.6 CVSS | 5.7 AI score | 0.00066 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/10 9:49 p.m. | 2 views

CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, a broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

5.4 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 1

OSV
added 2026/03/10 9:49 p.m. | 1 view

CVE-2026-31832 Umbraco Backoffice API Allows Unauthorized Modification of Domain Data

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, a broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...

5.4 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits: 0 | References: 3

Snyk
added 2025/06/24 6:42 p.m. | 3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via an anonymously accessible endpoint that reveals details about configured password requirements. An attacker can gain insight into password policy information...

6.9 CVSS | 6.9 AI score | 0.00237 EPSS
Exploits: 0 | References: 2

GitHub Security Blog
added 2025/01/21 7:59 p.m. | 9 views

XSS/HTML Injection Vulnerability in Umbraco Backoffice Components

Impact: Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components. Patches: Will be patched in 14.3.2 and 15.1.2. Note: This issue was reported by Pratik Patil from NetSPI @Nexusss-ppatil...

5.4 CVSS | 5.9 AI score | 0.00895 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2025/01/21 7:59 p.m. | 8 views

GHSA-WV8V-RMW2-25WC XSS/HTML Injection Vulnerability in Umbraco Backoffice Components

Impact: Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components. Patches: Will be patched in 14.3.2 and 15.1.2. Note: This issue was reported by Pratik Patil from NetSPI @Nexusss-ppatil...

4.6 CVSS | 4.4 AI score | 0.00895 EPSS
Exploits: 0 | References: 4

Cvelist
added 2025/01/21 3:32 p.m. | 12 views

CVE-2025-24012 Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability

Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...

4.6 CVSS | 0.00895 EPSS
Exploits: 0 | References: 2

OSV
added 2023/12/13 1:24 p.m. | 9 views

GHSA-6324-52PR-H4P5 Using the directory back payload (“/../”) in a package name allows placement of package in other folders.

Impact: Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Explanation of the vulnerability: The “Package” section in Umbraco Backoffice allows a logged in user to write folders outside of the default package directory...

6.7 AI score | 0.00159 EPSS
Exploits: 0 | References: 3

Snyk
added 2023/12/12 6:44 p.m. | 2 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Overview: UmbracoCms.Web is an ASP.NET CMS. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via a specific part of the backoffice interface. An attacker with access to this area can inject unauthorized HTML code...

5.4 CVSS | 6.7 AI score | 0.00491 EPSS
Exploits: 0 | References: 2