NuGet package
umbracoforms
pkg:nuget/umbracoforms
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68924 | — |  |  | <= 8.13.16 | — | Jan 16, 2026 | In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution. |
| CVE-2025-47280 | — |  |  | >= 7.0.0, <= 8.13.16 | — | May 13, 2025 | Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form |
| CVE-2025-23041 | — |  |  | < 8.13.16 | 8.13.16 | Jan 14, 2025 | Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are a |
| CVE-2020-7685 | — |  |  | <= 8.4.1 | — | Jul 28, 2020 | This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend v |