NuGet package
umbracocms.core
pkg:nuget/umbracocms.core
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35218 | — | | | >= 8.0.0, < 8.18.13 | 8.18.13 | May 21, 2024 | Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, |
| CVE-2024-34071 | — | | | >= 8.18.5, < 8.18.14 | 8.18.14 | May 21, 2024 | Umbraco is an ASP.NET CMS used by more than 730.000 websites. Umbraco has an endpoint that is vulnerable to open redirects. The endpoint is protected so it requires the user to be signed into backoffice before the vulnerable is exposed. This vulnerability has been patched in vers |
| CVE-2020-5809 | — | | | <= 8.9.1 | — | Dec 30, 2020 | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. |
| CVE-2020-9471 | — | | | <= 8.5.3 | — | Mar 16, 2020 | Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. |
| CVE-2020-7210 | — | | | < 8.5.0 | 8.5.0 | Jan 23, 2020 | Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. |