CVE-2023-48313 – Umbraco contains a DOM-XSS
https://notcve.org/view.php?id=CVE-2023-48313
Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue. Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. A partir de la versión 10.0.0 y antes de las versiones 10.8.1 y 12.3.4, Umbraco contiene una vulnerabilidad de Cross-Site Scripting (XSS) que permite a los atacantes introducir contenido malicioso en un sitio web o aplicación. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-48227 – Umbraco CMS Backoffice User can bypass "Publish" restriction
https://notcve.org/view.php?id=CVE-2023-48227
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available. Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2 • CWE-863: Incorrect Authorization •
CVE-2023-38694 – Umbraco CMS vulnerable to possible injection of HTML in an unintended form
https://notcve.org/view.php?id=CVE-2023-38694
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue. Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. A partir de la versión 8.0.0 y antes de las versiones 8.18.10, 10.7.0 y 12.1.0, un usuario con acceso a una parte específica del backoffice puede inyectar código HTML en un formulario donde no está previsto. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-37267 – Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
https://notcve.org/view.php?id=CVE-2023-37267
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1. • https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569 https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m • CWE-284: Improper Access Control •
CVE-2022-22690 – Umbraco Remote ApplicationURL Overwrite
https://notcve.org/view.php?id=CVE-2022-22690
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the administrator invites users to the site. For Umbraco versions less than 9.2.0, if the Application URL is not specifically configured, the attacker can manipulate this value and store it persistently affecting all users for components where the "UmbracoApplicationUrl" is used. For example, the attacker is able to change the URL users receive when resetting their password so that it points to the attackers server, when the user follows this link the reset token can be intercepted by the attacker resulting in account takeover. Dentro del CMS Umbraco, un elemento de configuración llamado "UmbracoApplicationUrl" (o simplemente "ApplicationUrl") es usado siempre que el código de la aplicación necesita construir una URL que apunte al sitio. • https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •