Umbraco: >> Umbraco Security Vulnerabilities
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-02
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
CVSS Score
8.2
EPSS Score
0.834
Published
2017-03-03
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-03-03
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-03