📦 Umbraco CMS

by Umbraco

⚠️ Known Vulnerabilities

CVE-2025-67288

CRITICAL CVSS 10.0 Dec 22, 2025

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to upload malicious PDF files that can lead to remote code execution. This affects administrators who have not implemente...

CVE-2012-10054

CRITICAL CVSS 9.8 Aug 13, 2025

This vulnerability allows unauthenticated attackers to upload and execute arbitrary ASPX scripts on Umbraco CMS servers. Attackers can achieve remote code execution by exploiting a path traversal flaw...

CVE-2023-49089

HIGH CVSS 7.7 Dec 12, 2023

This vulnerability allows authenticated Umbraco backoffice users with package creation permissions to perform path traversal attacks, enabling them to write files outside intended directories. It affe...

CVE-2019-25137

HIGH CVSS 7.2 May 18, 2023

This vulnerability allows authenticated administrators in Umbraco CMS to execute arbitrary code remotely via XSLT processing. Attackers can inject malicious scripts through the xsltVisualize.aspx page...

CVE-2022-22690

HIGH CVSS 8.6 Jan 18, 2022

CVE-2022-22690 allows attackers to overwrite the UmbracoApplicationUrl configuration in Umbraco CMS, enabling them to redirect password reset and user invitation links to malicious servers. This can l...

CVE-2021-47776

MEDIUM CVSS 5.3 Jan 15, 2026

CVE-2021-47776 is a server-side request forgery (SSRF) vulnerability in Umbraco CMS that allows attackers to manipulate baseUrl parameters in dashboard and help controller endpoints. This enables unau...

CVE-2025-66625

MEDIUM CVSS 4.9 Dec 9, 2025

This vulnerability in Umbraco CMS allows attackers with backoffice access to enumerate arbitrary files on the server filesystem by exploiting predictable temporary file paths during dictionary uploads...

CVE-2025-54425

MEDIUM CVSS 5.3 Jul 30, 2025

This vulnerability allows unauthorized users to access cached content from Umbraco's Content Delivery API even when API key authentication is required. Attackers can retrieve sensitive cached response...

CVE-2025-48953

MEDIUM CVSS 5.5 Jun 3, 2025

This vulnerability allows attackers to upload files with disallowed extensions in Umbraco CMS by manipulating API requests. It affects Umbraco installations from version 14.0.0 up to (but not includin...

CVE-2025-46736

MEDIUM CVSS 5.3 May 6, 2025

This CVE describes a timing attack vulnerability in Umbraco CMS that allows attackers to determine whether specific user accounts exist by analyzing post-login API response times. This affects all Umb...

CVE-2025-27601

MEDIUM CVSS 4.3 Mar 11, 2025

An improper API access control vulnerability in Umbraco CMS allows authenticated users with low privileges to create and update data type information, which should be restricted to users with settings...

CVE-2024-55488

MEDIUM CVSS 6.5 Jan 22, 2025

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows authenticated attackers with CMS access to inject malicious scripts that execute when other users view affected content....

CVE-2025-24011

MEDIUM CVSS 5.3 Jan 21, 2025

This vulnerability in Umbraco CMS allows attackers to determine whether specific user accounts exist by analyzing response codes and timing differences in management API responses. It affects Umbraco ...

CVE-2024-48929

MEDIUM CVSS 4.2 Oct 22, 2024

This vulnerability in Umbraco CMS allows session persistence after explicit sign-out, meaning users who log out may still have active server sessions. It affects Umbraco 13.x versions before 13.5.2 an...

CVE-2024-48926

MEDIUM CVSS 4.2 Oct 22, 2024

Umbraco CMS has an insufficient session expiration vulnerability where the logout page displays a session timeout message approximately 30 seconds before the server session actually expires. This affe...

CVE-2024-47819

MEDIUM CVSS 4.2 Oct 22, 2024

This CVE describes a cross-site scripting (XSS) vulnerability in Umbraco CMS that allows attackers to execute malicious JavaScript in the context of authenticated users. If exploited against an admini...

CVE-2024-43376

MEDIUM CVSS 4.3 Aug 20, 2024

This vulnerability in Umbraco CMS allows attackers to obtain stack trace information from Management API endpoints even when debug mode is disabled. This affects all Umbraco installations using vulner...