Umbraco Cms Security Vulnerabilities and Issues — Umbraco Cms CVE List

Lucene search

UmbracoUmbraco Cms

3 matches found

CVE•added 2017/04/13 5:59 p.m.•50 views

CVE-2012-1301

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.

9.8CVSS9.2AI score0.03164EPSS

CVE•added 2017/10/12 8:29 a.m.•48 views

CVE-2017-15280

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.

5.5CVSS5.2AI score0.00193EPSS

CVE•added 2017/10/12 8:29 a.m.•43 views

CVE-2017-15279

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.prese...

5.4CVSS5.3AI score0.00195EPSS