Umbraco Cms Security Vulnerabilities and Issues — Umbraco Cms CVE List

Lucene search

UmbracoUmbraco Cms

8 matches found

CVE•added 2023/12/12 7:15 p.m.•40 views

CVE-2023-49273

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

5.4CVSS5.3AI score0.00264EPSS

CVE•added 2023/12/12 6:15 p.m.•37 views

CVE-2023-48313

Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for ...

6.1CVSS5.1AI score0.00572EPSS

CVE•added 2023/12/12 5:15 p.m.•35 views

CVE-2023-38694

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain ...

5.4CVSS4.6AI score0.00491EPSS

CVE•added 2023/12/12 5:15 p.m.•33 views

CVE-2023-48227

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a pa...

4.3CVSS4.4AI score0.00114EPSS

CVE•added 2023/12/12 8:15 p.m.•32 views

CVE-2023-49274

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this i...

5.3CVSS4.7AI score0.00368EPSS

CVE•added 2023/12/12 8:15 p.m.•32 views

CVE-2023-49278

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

5.3CVSS5.1AI score0.00315EPSS

CVE•added 2023/12/12 8:15 p.m.•30 views

CVE-2023-49279

Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a brow...

5.4CVSS4.7AI score0.00446EPSS

CVE•added 2023/12/12 7:15 p.m.•28 views

CVE-2023-49089

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 co...

7.7CVSS6.8AI score0.00122EPSS