Umbraco Cms Security Vulnerabilities and Issues — Umbraco Cms CVE List

Lucene search

UmbracoUmbraco Cms

10 matches found

CVE•added 2025/03/11 4:15 p.m.•94 views

CVE-2025-27602

Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders...

4.9CVSS5AI score0.00049EPSS

CVE•added 2020/12/02 2:15 a.m.•79 views

CVE-2020-29454

Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.

4.3CVSS4.4AI score0.00187EPSS

CVE•added 2025/03/11 4:15 p.m.•74 views

CVE-2025-27601

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be rest...

4.3CVSS4.4AI score0.00049EPSS

CVE•added 2020/01/23 1:15 p.m.•57 views

CVE-2020-7210

Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.

4.3CVSS4.6AI score0.00232EPSS

CVE•added 2024/05/21 2:15 p.m.•56 views

CVE-2024-35218

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implemen...

4.8CVSS4.2AI score0.0052EPSS

CVE•added 2024/10/22 4:15 p.m.•46 views

CVE-2024-48927

Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full sc...

4.6CVSS5.3AI score0.00114EPSS

CVE•added 2024/10/22 4:15 p.m.•43 views

CVE-2024-48929

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue.

4.2CVSS4.4AI score0.00083EPSS

CVE•added 2018/11/27 9:0 p.m.•37 views

CVE-2018-17256

Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.

4.8CVSS4.7AI score0.00508EPSS

CVE•added 2024/10/22 4:15 p.m.•35 views

CVE-2024-48926

Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page with a session timeout message before the server sessi...

4.2CVSS4.3AI score0.00083EPSS

CVE•added 2023/12/12 5:15 p.m.•33 views

CVE-2023-48227

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a pa...

4.3CVSS4.4AI score0.00114EPSS