Umbraco Cms@10.0.0 Security Vulnerabilities and Issues — Umbraco Cms@10.0.0 CVE List

Lucene search

UmbracoUmbraco Cms10.0.0

7 matches found

CVE•added 2023/07/13 2:15 p.m.•68 views

CVE-2023-37267

Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

9.8CVSS8.4AI score0.00313EPSS

CVE•added 2023/12/12 7:15 p.m.•46 views

CVE-2023-49273

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

5.4CVSS5.3AI score0.00264EPSS

CVE•added 2023/12/12 6:15 p.m.•38 views

CVE-2023-48313

Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for ...

6.1CVSS5.1AI score0.00572EPSS

CVE•added 2023/12/12 8:15 p.m.•33 views

CVE-2023-49274

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this i...

5.3CVSS4.7AI score0.00368EPSS

CVE•added 2023/12/12 8:15 p.m.•33 views

CVE-2023-49278

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

5.3CVSS5.1AI score0.00315EPSS

CVE•added 2023/12/12 8:15 p.m.•31 views

CVE-2023-49279

Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a brow...

5.4CVSS4.7AI score0.00446EPSS

CVE•added 2023/12/12 7:15 p.m.•29 views

CVE-2023-49089

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 co...

7.7CVSS6.8AI score0.00122EPSS