Known Vulnerabilities for Umbraco Cms by Umbraco
Listed below are 10 of the newest known vulnerabilities associated with "Umbraco Cms" by "Umbraco".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-37267 json | Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permi... | 9.8 - CRITICAL | 2023-07-13 | 2023-07-25 |
| CVE-2022-22691 json | The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building ... | 7.4 - HIGH | 2022-01-18 | 2022-01-26 |
| CVE-2022-22690 json | Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever app... | 7.5 - HIGH | 2022-01-18 | 2022-01-26 |
| CVE-2021-34254 json | Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. | 6.1 - MEDIUM | 2021-06-28 | 2021-07-02 |
| CVE-2020-29454 json | Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applica... | 4.3 - MEDIUM | 2020-12-02 | 2021-07-21 |
| CVE-2020-9472 json | Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functi... | 6.5 - MEDIUM | 2020-03-16 | 2020-03-19 |
| CVE-2020-9471 json | Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages fun... | 8.8 - HIGH | 2020-03-16 | 2020-03-19 |
| CVE-2020-7210 json | Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. | 4.3 - MEDIUM | 2020-01-23 | 2020-06-11 |
| CVE-2020-5811 json | An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which co... | 6.5 - MEDIUM | 2020-12-30 | 2021-10-18 |
| CVE-2020-5810 json | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can up... | 5.4 - MEDIUM | 2020-12-30 | 2021-01-04 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Umbraco | Umbraco Cms | 8.9.1 | |||
| Application | Umbraco | Umbraco Cms | 8.9.0 | |||
| Application | Umbraco | Umbraco Cms | 8.9.0 | |||
| Application | Umbraco | Umbraco Cms | 8.8.2 | |||
| Application | Umbraco | Umbraco Cms | 8.8.0 | |||
| Application | Umbraco | Umbraco Cms | 8.8.0 | |||
| Application | Umbraco | Umbraco Cms | 8.8 | |||
| Application | Umbraco | Umbraco Cms | 8.7.1 | |||
| Application | Umbraco | Umbraco Cms | 8.7.0 | |||
| Application | Umbraco | Umbraco Cms | 8.7.0 | |||
| Application | Umbraco | Umbraco Cms | 8.6.6 | |||
| Application | Umbraco | Umbraco Cms | 8.6.5 | |||
| Application | Umbraco | Umbraco Cms | 8.6.4 | |||
| Application | Umbraco | Umbraco Cms | 8.6.3 | |||
| Application | Umbraco | Umbraco Cms | 8.6.2 | |||
| Application | Umbraco | Umbraco Cms | 8.6.1 | |||
| Application | Umbraco | Umbraco Cms | 8.6.0 | |||
| Application | Umbraco | Umbraco Cms | 8.6.0 | |||
| Application | Umbraco | Umbraco Cms | 8.5.5 | |||
| Application | Umbraco | Umbraco Cms | 8.5.4 |