Umbraco Security Vulnerabilities and Issues — Umbraco CVE List

Lucene search

UmbracoUmbraco

4 matches found

cve•added 2017/03/03 4:59 p.m.•113 views

CVE-2015-8813

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.

8.2CVSS8.2AI score0.83448EPSS

cve•added 2019/10/02 7:15 p.m.•51 views

CVE-2019-13957

In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.

9.8CVSS9.8AI score0.00441EPSS

cve•added 2017/03/03 4:59 p.m.•45 views

CVE-2015-8814

Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.

8.8CVSS8.7AI score0.00106EPSS

cve•added 2017/03/03 4:59 p.m.•34 views

CVE-2015-8815

Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.

6.1CVSS6AI score0.002EPSS