Umbraco: Security Vulnerabilities
Umbraco CMS before 7.15.7 is vulnerable to open redirection due to insufficient URL sanitization in booting.aspx.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-28
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2020-12-30
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload.
CVSS Score: 5.4 | EPSS Score: 0.035 | Published: 2020-12-30
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
CVSS Score: 6.5 | EPSS Score: 0.026 | Published: 2020-12-30
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-12-02
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue: users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2020-07-28
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
CVSS Score: 6.5 | EPSS Score: 0.022 | Published: 2020-03-16
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
CVSS Score: 8.8 | EPSS Score: 0.029 | Published: 2020-03-16
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-01-23
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-10-02
Shodan ® - All rights reserved