pkg:NuGet/Umbraco.CMS

13 total CVEs: HIGH 2, MEDIUM 4, LOW 1

All known vulnerabilities

  • HIGH 8.8 | CVE-2015-8814 | Umbraco CMS vulnerable to CSRF
    from 0, < 7.4.0
  • HIGH 8.2 | CVE-2015-8813 | Umbraco CMS vulnerable to CSRF
    from 0, < 7.4.0
  • MEDIUM 5.4 | CVE-2023-49273 | Privilege Escalation using Spoofing
    >= 8.0.0, < 8.18.10
  • MEDIUM 4.3 | CVE-2023-48313 | DOM-XSS on Backoffice login screen.
    >= 10.0.0, < 10.8.1
  • MEDIUM 4.2 | CVE-2024-48929 | Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
    >= 13.0.0, < 13.5.2
  • MEDIUM 4.2 | CVE-2024-48926 | Umbraco CMS logout page displayed before session expiration
    >= 13.0.0, < 13.5.2
  • LOW 3.7 | CVE-2023-49274 | SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
    >= 8.0.0, < 8.18.10
  • NONE 0.0 | CVE-2024-48925 | Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
    >= 14.0.0, < 14.3.0
  • NONE 0.0 | CVE-2023-49279 | Stored XSS via SVG File Upload
    >= 7.0.0, < 7.15.11
  • NONE 0.0 | CVE-2023-49278 | Brute force exploit can be used to collect valid usernames
    >= 8.0.0, < 8.18.10
  • NONE 0.0 | CVE-2023-49089 | Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
    >= 8.0.0, < 8.18.10
  • NONE 0.0 | CVE-2023-48227 | Backoffice User can bypass "Publish" restriction
    >= 8.0.0, < 8.18.10
  • NONE 0.0 | CVE-2023-38694 | Possible injection of HTML into user invite mails
    >= 8.0.0, < 8.18.10