Umbraco Cms@* Security Vulnerabilities and Issues — Umbraco Cms@* CVE List

Lucene search

UmbracoUmbraco Cms*

11 matches found

CVE•added 2024/08/20 3:15 p.m.•94 views

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

5.3CVSS4.6AI score0.00155EPSS

CVE•added 2024/10/22 4:15 p.m.•79 views

CVE-2024-48925

Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the ...

6.5CVSS4AI score0.0011EPSS

CVE•added 2024/03/20 8:15 p.m.•76 views

CVE-2024-28868

Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logi...

5.3CVSS3.8AI score0.00168EPSS

CVE•added 2024/05/21 2:15 p.m.•56 views

CVE-2024-35218

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implemen...

4.8CVSS4.2AI score0.0052EPSS

CVE•added 2024/04/17 3:15 p.m.•55 views

CVE-2024-29035

Umbraco is an ASP.NET CMS. Failing webhooks logs are available when solution is not in debug mode. Those logs can contain information that is critical. This vulnerability is fixed in 13.1.1.

5.3CVSS6.3AI score0.00153EPSS

CVE•added 2024/05/21 2:15 p.m.•51 views

CVE-2024-34071

Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in version(s) 8.18.14, 10....

6.1CVSS6.1AI score0.00385EPSS

CVE•added 2024/08/20 3:15 p.m.•47 views

CVE-2024-43377

Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.

5.4CVSS5.2AI score0.00098EPSS

CVE•added 2024/10/22 4:15 p.m.•46 views

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full sc...

4.6CVSS5.3AI score0.00114EPSS

CVE•added 2024/10/22 4:15 p.m.•43 views

CVE-2024-48929

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue.

4.2CVSS4.4AI score0.00083EPSS

CVE•added 2024/10/22 4:15 p.m.•35 views

CVE-2024-48926

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server sessi...

4.2CVSS4.3AI score0.00083EPSS

CVE•added 2024/10/22 4:15 p.m.•34 views

CVE-2024-47819

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the co...

8.7CVSS4.8AI score0.00172EPSS