Umbraco: >> Umbraco Cms Security Vulnerabilities
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.
CVSS Score
6.8
EPSS Score
0.003
Published
2022-01-18
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-06-28
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-12-30
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
CVSS Score
5.4
EPSS Score
0.035
Published
2020-12-30
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
CVSS Score
6.5
EPSS Score
0.026
Published
2020-12-30
Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-12-02
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
CVSS Score
6.5
EPSS Score
0.022
Published
2020-03-16
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
CVSS Score
8.8
EPSS Score
0.029
Published
2020-03-16
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-23
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
CVSS Score
4.8
EPSS Score
0.004
Published
2018-11-27