Umbraco: >> Umbraco Cms >> 7.11.2 Security Vulnerabilities
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
CVSS Score
5.4
EPSS Score
0.671
Published
2020-12-30
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
CVSS Score
6.5
EPSS Score
0.094
Published
2020-12-30
Page 2