3 matches found
CVE-2026-46616
Umbraco CMS (ASP.NET) contains an Open Redirect vulnerability in Surface Controllers used for member-related operations. Prior to versions 13.14.0 and 17.4.0, redirect URL validation fails for RedirectUrl supplied via user-controlled query parameters, allowing Razor templates to derive RedirectUr...
VulnCheck KEV: CVE-2015-8813
The PageLoad function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery SSRF attacks via the url parameter...
Cross-site Scripting (XSS)
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user input sanitization. Exploiting this vulnerability is possible via the PageName aka nodename parameter during the creation of a new page. Details Cross-site...