Umbraco

All CVEs

56 total · sorted by risk
  • CVE-2022-22691 · Jan 18, 2022
    risk 0.00 · cvss · epss 0.01

    The password reset component deployed within Umbraco uses the hostname supplied within the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the…

  • CVE-2021-34254 · Jun 28, 2021
    risk 0.00 · cvss · epss 0.01

    Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient URL sanitization on booting.aspx.

  • CVE-2020-5810 · Dec 30, 2020
    risk 0.00 · cvss · epss 0.66

    A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload.

  • CVE-2019-13957 · Oct 2, 2019
    risk 0.00 · cvss · epss 0.01

    In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.

  • CVE-2013-4793 · Dec 27, 2014
    risk 0.00 · cvss · epss 0.01

    The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

  • CVE-2013-0741 · Nov 19, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter.
