Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Umbraco Subscribe
Filtered by product Umbraco
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13957 1 Umbraco 1 Umbraco 2019-10-04 7.5 HIGH 9.8 CRITICAL
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
CVE-2015-8814 1 Umbraco 1 Umbraco 2017-03-07 6.8 MEDIUM 8.8 HIGH
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
CVE-2015-8813 1 Umbraco 1 Umbraco 2017-03-07 4.3 MEDIUM 8.2 HIGH
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
CVE-2015-8815 1 Umbraco 1 Umbraco 2017-03-07 5.0 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.