| CVE-2015-8814 |
high |
8.8 |
8.8 |
9y ago |
Umbraco CMS vulnerable to CSRF |
|
| CVE-2015-8813 |
high |
8.2 |
8.2 |
9y ago |
Umbraco CMS vulnerable to CSRF |
|
| CVE-2024-48929 |
unknown |
— |
— |
2y ago |
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out |
|
| CVE-2024-48926 |
unknown |
— |
— |
2y ago |
Umbraco CMS logout page displayed before session expiration |
|
| CVE-2024-48925 |
unknown |
— |
— |
2y ago |
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API |
|
| CVE-2023-49279 |
unknown |
— |
— |
3y ago |
Stored XSS via SVG File Upload |
|
| CVE-2023-49278 |
unknown |
— |
— |
3y ago |
Brute force exploit can be used to collect valid usernames |
|
| CVE-2023-49274 |
unknown |
— |
— |
3y ago |
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email. |
|
| CVE-2023-49273 |
unknown |
— |
— |
3y ago |
Privilege Escalation using Spoofing |
|
| CVE-2023-49089 |
unknown |
— |
— |
3y ago |
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. |
|
| CVE-2023-48313 |
unknown |
— |
— |
3y ago |
DOM-XSS on Backoffice login screen. |
|
| CVE-2023-48227 |
unknown |
— |
— |
3y ago |
Backoffice User can bypass "Publish" restriction |
|
| CVE-2023-38694 |
unknown |
— |
— |
3y ago |
Possible injection of HTML into user invite mails |
|