Umbraco Forms Security Vulnerabilities and Issues — Umbraco Forms CVE List

Lucene search

UmbracoUmbraco Forms

3 matches found

CVE•added 2020/07/28 5:15 p.m.•74 views

CVE-2020-7685

This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that bloc...

7.5CVSS6.5AI score0.00449EPSS

CVE•added 2023/02/24 4:15 p.m.•49 views

CVE-2021-33224

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.

9.8CVSS9.5AI score0.00371EPSS

CVE•added 2025/05/13 5:16 p.m.•28 views

CVE-2025-47280

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow...

6.3CVSS7AI score0.00051EPSS