Known Vulnerabilities for products from Umbraco
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Umbraco".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-37267 | Umbraco is an ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permi... | 9.8 - CRITICAL | 2023-07-13 | 2023-07-25 |
| CVE-2023-32312 | UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integratio... | 5.3 - MEDIUM | 2023-06-09 | 2023-06-20 |
| CVE-2022-22691 | The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building ... | 7.4 - HIGH | 2022-01-18 | 2022-01-26 |
| CVE-2022-22690 | Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever app... | 7.5 - HIGH | 2022-01-18 | 2022-01-26 |
| CVE-2021-37334 | Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote... | 9.8 - CRITICAL | 2021-08-25 | 2021-11-28 |
| CVE-2021-34254 | Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. | 6.1 - MEDIUM | 2021-06-28 | 2021-07-02 |
| CVE-2021-33224 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-02-24 | 2023-03-06 |
| CVE-2020-29454 | Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applica... | 4.3 - MEDIUM | 2020-12-02 | 2021-07-21 |
| CVE-2020-9472 | Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functi... | 6.5 - MEDIUM | 2020-03-16 | 2020-03-19 |
| CVE-2020-9471 | Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages fun... | 8.8 - HIGH | 2020-03-16 | 2020-03-19 |
| CVE-2020-7685 | This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to u... | 7.5 - HIGH | 2020-07-28 | 2023-03-02 |
| CVE-2020-7210 | Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. | 4.3 - MEDIUM | 2020-01-23 | 2020-06-11 |
| CVE-2020-5811 | An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which co... | 6.5 - MEDIUM | 2020-12-30 | 2021-10-18 |
| CVE-2020-5810 | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can up... | 5.4 - MEDIUM | 2020-12-30 | 2021-01-04 |
| CVE-2020-5809 | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript c... | 5.4 - MEDIUM | 2020-12-30 | 2021-01-04 |
| CVE-2019-25137 | Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script... | 7.2 - HIGH | 2023-05-18 | 2023-05-26 |
| CVE-2019-13957 | In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeNa... | 9.8 - CRITICAL | 2019-10-02 | 2019-10-04 |
| CVE-2018-17256 | Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web ... | 4.8 - MEDIUM | 2018-11-27 | 2018-12-31 |
| CVE-2017-15280 | XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by readi... | 5.5 - MEDIUM | 2017-10-12 | 2017-10-25 |
| CVE-2017-15279 | Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script o... | 5.4 - MEDIUM | 2017-10-12 | 2017-10-25 |
Known software with vulnerabilities from Umbraco
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Umbraco | Umbraco | 8.2.2 |
| Application | Umbraco | Umbracoforms | - |
| Application | Umbraco | Umbraco Cms | 4.10.0 |