Umbraco Cms@14.0.0 Security Vulnerabilities and Issues — Umbraco Cms@14.0.0 CVE List

Lucene search

UmbracoUmbraco Cms14.0.0

4 matches found

CVE•added 2024/08/20 3:15 p.m.•96 views

CVE-2024-43376

Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.

5.3CVSS4.6AI score0.00155EPSS

CVE•added 2024/10/22 4:15 p.m.•80 views

CVE-2024-48925

Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the ...

6.5CVSS4AI score0.0014EPSS

CVE•added 2024/08/20 3:15 p.m.•49 views

CVE-2024-43377

Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.

5.4CVSS5.2AI score0.00098EPSS

CVE•added 2024/10/22 4:15 p.m.•35 views

CVE-2024-47819

Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the co...

8.7CVSS4.8AI score0.00251EPSS