CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-48227 – Umbraco CMS Backoffice User can bypass "Publish" restriction
https://notcve.org/view.php?id=CVE-2023-48227
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available. Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-335x-5wcm-8jv2 • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38694 – Umbraco CMS vulnerable to possible injection of HTML in an unintended form
https://notcve.org/view.php?id=CVE-2023-38694
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue. Umbraco es un sistema de gestión de contenidos (CMS) ASP.NET. A partir de la versión 8.0.0 y antes de las versiones 8.18.10, 10.7.0 y 12.1.0, un usuario con acceso a una parte específica del backoffice puede inyectar código HTML en un formulario donde no está previsto. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37267 – Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
https://notcve.org/view.php?id=CVE-2023-37267
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1. • https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569 https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32312 – Client secret not mandatory in UmbracoIdentityExtensions
https://notcve.org/view.php?id=CVE-2023-32312
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. • https://docs.umbraco.com/umbraco-cms/reference/security/external-login-providers https://github.com/umbraco/UmbracoIdentityExtensions/commit/e792429f9d1fa25c1ba4f7a61d23ee02fedd6dc9 https://github.com/umbraco/UmbracoIdentityExtensions/pull/53 https://github.com/umbraco/UmbracoIdentityExtensions/security/advisories/GHSA-f2rf-8mwf-6jfh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 4CVE-2019-25137
https://notcve.org/view.php?id=CVE-2019-25137
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. • https://github.com/Ickarah/CVE-2019-25137-Version-Research https://0xdf.gitlab.io/2020/09/05/htb-remote.html https://github.com/noraj/Umbraco-RCE https://www.exploit-db.com/exploits/46153 • CWE-91: XML Injection (aka Blind XPath Injection) •