CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-49279 – Umbraco CMS vulnerable to stored XSS via SVG File Upload
https://notcve.org/view.php?id=CVE-2023-49279
12 Dec 2023 — Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. • https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 24%CPEs: 1EXPL: 4CVE-2019-25137
https://notcve.org/view.php?id=CVE-2019-25137
18 May 2023 — Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. • https://github.com/Ickarah/CVE-2019-25137-Version-Research • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22690 – Umbraco Remote ApplicationURL Overwrite
https://notcve.org/view.php?id=CVE-2022-22690
18 Jan 2022 — Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the administrator invites users to the site. For Umbraco versions less than 9.2.0, if the Application URL is not specifically configured, the attacker can manipulate this value and store it persistently affecting all users... • https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22691 – Umbraco Password Reset URL Poison
https://notcve.org/view.php?id=CVE-2022-22691
18 Jan 2022 — The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the ... • https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34254
https://notcve.org/view.php?id=CVE-2021-34254
28 Jun 2021 — Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. Umbraco CMS versiones anteriores a 7.15.7, es vulnerable a un Redireccionamiento Abierto debido a un saneamiento insufuciente de la url en booting.aspx • https://github.com/umbraco/Umbraco-CMS/issues/9782 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-5809
https://notcve.org/view.php?id=CVE-2020-5809
30 Dec 2020 — A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. Se presenta una vulnerabilidad de tipo XSS almacenado en Umbraco CMS versiones anteriores a 8.9.1 o actual. Un usuario autenticado puede inyectar código JavaScript arbitrario en iframes cuando edita contenido usando el editor de texto enri... • https://www.tenable.com/security/research/tra-2020-59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 2%CPEs: 1EXPL: 1CVE-2020-5810
https://notcve.org/view.php?id=CVE-2020-5810
30 Dec 2020 — A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload. Se presenta una vulnerabilidad de tipo XSS almacenado en Umbraco CMS versiones anteriores a 8.9.1 o actual. Un usuario autenticado autorizado para cargar multimedia puede cargar un archivo .svg malicioso que actúa como una carga útil de tipo XSS almacenado. • https://www.tenable.com/security/research/tra-2020-59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 4CVE-2020-5811 – Umbraco CMS 8.9.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2020-5811
30 Dec 2020 — An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. Se presenta una vulnerabilidad de salto de ruta autenticada durante la instalación del paquete en Umbraco CMS versiones anteriores a 8.9.1 o actual, lo que podría resultar en la escritura de archivos arbitrarios fuera del inicio del sitio y las rutas esperadas cu... • https://packetstorm.news/files/id/163965 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2014-10074
https://notcve.org/view.php?id=CVE-2014-10074
27 Aug 2018 — Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. Umbraco en versiones anteriores a la 7.2.0 tiene una vulnerabilidad de ejecución remota de código PHP debido a que Umbraco.Web.UI/config/umbracoSettings.Release.config no bloquea la subida de archivos .php. • http://issues.umbraco.org/issue/U4-5901 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15279
https://notcve.org/view.php?id=CVE-2017-15279
12 Oct 2017 — Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. Vulnerabilidad Cross-Site Scripting (XSS) en Umbraco CMS en versiones anteriores a la 7.7.3 permite que atacantes remotos inyecten scripts web o HTML arbitrarios medi... • http://issues.umbraco.org/issue/U4-10497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •