3 matches found
PT-2025-19982 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 10.8.10; Umbraco versions prior to 13.8.1. Description: The issue allows an attacker to determine whether an account exists based on an analysis of the timing of post login API responses. No known workarounds are...
XSS/HTML Injection Vulnerability in Umbraco Preview Badge
Impact: Authenticated users are able to exploit an XSS vulnerability when viewing previewed content. Patches: Will be patched in 10.8.8, 13.5.3, 14.3.2 and 15.1.2. Workarounds: None available...
CVE-2025-24012 Umbraco Backoffice Components Have XSS/HTML Injection Vulnerability
Umbraco is a free and open source .NET content management system. Starting in version 14.0.0 and prior to versions 14.3.2 and 15.1.2, authenticated users are able to exploit a cross-site scripting vulnerability when viewing certain localized backoffice components. Versions 14.3.2 and 15.1.2 conta...