CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-47776

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.9%

CVSS Severity

CVSS v3 Score 5.3

References

https://our.umbraco.com/
https://releases.umbraco.com/all-releases
https://www.exploit-db.com/exploits/50462

Products affected by CVE-2021-47776

Umbraco » Umbraco Cms » Version: 8.14.1

cpe:2.3:a:umbraco:umbraco_cms:8.14.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-47776

Products

Pricing

Contact Us