High severity 8.2 · NVD Advisory · Published Mar 3, 2017 · Updated May 13, 2026
CVE-2015-8813
Description
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| Umbraco.CMS (NuGet) | < 7.4.0 | 7.4.0 |
Patches
924a016ffe7a · Fixes U4-7457 Server side request forgery (xsrf) in feedproxy.aspx
1 file changed · +3 −1
src/Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs+3 −1 modified@@ -27,7 +27,9 @@ protected void Page_Load(object sender, EventArgs e) if (Uri.TryCreate(url, UriKind.Absolute, out requestUri)) { var feedProxyXml = xmlHelper.OpenAsXmlDocument(IOHelper.MapPath(SystemFiles.FeedProxyConfig)); - if (feedProxyXml != null && feedProxyXml.SelectSingleNode(string.Concat("//allow[@host = '", requestUri.Host, "']")) != null) + if (feedProxyXml != null + && feedProxyXml.SelectSingleNode(string.Concat("//allow[@host = '", requestUri.Host, "']")) != null + && requestUri.Port == 80) { using (var client = new WebClient()) {
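Review bot: the added `&& requestUri.Port == 80` clause in the `if` condition pins the port, but the condition still never checks `requestUri.Scheme`, so any absolute URI that `Uri.TryCreate` accepts for an allow-listed host on port 80 reaches the `WebClient` call, while an allow-listed feed served over HTTPS on 443 is now rejected. Consider requiring the scheme to be `http` or `https` explicitly and comparing the port against that scheme's default (for example via `requestUri.IsDefaultPort`), with a short comment saying why the port is restricted. Separately, the host lookup still concatenates `requestUri.Host` into the XPath string; selecting the `allow` nodes and comparing their `host` attribute in code would be easier to audit.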
References
- github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce (nvd: Patch, Vendor Advisory, WEB)
- www.openwall.com/lists/oss-security/2016/02/17/5 (nvd: Exploit, Mailing List, Third Party Advisory, WEB)
- www.openwall.com/lists/oss-security/2016/02/16/10 (nvd: Mailing List, Third Party Advisory, WEB)
- www.openwall.com/lists/oss-security/2016/02/17/1 (nvd: Mailing List, Third Party Advisory, WEB)
- www.openwall.com/lists/oss-security/2016/02/18/8 (nvd: Mailing List, Third Party Advisory, WEB)
- github.com/advisories/GHSA-x34j-wxq8-7vcm (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-8813 (ghsa: ADVISORY)
- issues.umbraco.org/issue/U4-7457 (nvd: Issue Tracking)
- web.archive.org/web/20230608160721/https://issues.umbraco.org/issue/U4-7457 (ghsa: WEB)