CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48925 – Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
https://notcve.org/view.php?id=CVE-2024-48925
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4gp9-ff99-j6vj • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47819 – Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
https://notcve.org/view.php?id=CVE-2024-47819
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content. Versions 14.3.1 and 15.0.0 contain a patch. As a workaround, ensure that access to the Dictionary section is only granted to trusted users. • https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-c5g6-6xf7-qxp3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43377 – Umbraco CMS Improper Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43377
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2. • https://github.com/umbraco/Umbraco-CMS/commit/72bef8861d94a39d5cc9530a04c4797b91fcbecf https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hrww-x3fq-xcvh • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43376 – Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2024-43376
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2. • https://github.com/umbraco/Umbraco-CMS/commit/b76070c794925932cb159ef50b851db6e966a004 https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-77gj-crhp-3gvx • CWE-209: Generation of Error Message Containing Sensitive Information •