Vendor CVEs
Umbraco
All CVEs
56 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22691 | | | 0.00 | — | 0.01 | | Jan 18, 2022 | The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the… |
| CVE-2021-34254 | | | 0.00 | — | 0.01 | | Jun 28, 2021 | Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient URL sanitization on booting.aspx. |
| CVE-2020-5810 | | | 0.00 | — | 0.66 | | Dec 30, 2020 | A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload. |
| CVE-2019-13957 | | | 0.00 | — | 0.01 | | Oct 2, 2019 | In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. |
| CVE-2013-4793 | | | 0.00 | — | 0.01 | | Dec 27, 2014 | The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request. |
| CVE-2013-0741 | | | 0.00 | — | 0.01 | | Nov 19, 2013 | Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter. |
Page 2 of 2