Umbraco

umbraco

Vendor: Umbraco • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-13957 1Umbraco 1Umbraco Nov 21, 2024 Oct 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
CVE-2015-8815 1Umbraco 1Umbraco May 13, 2026 Mar 3, 2017 N/A· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or...Show more Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.Show less
CVE-2015-8814 1Umbraco 1Umbraco May 13, 2026 Mar 3, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs fil...Show more Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.Show less
CVE-2015-8813 1Umbraco 1Umbraco May 13, 2026 Mar 3, 2017 N/A· v4 8.2 HIGH· v3 4.3 MEDIUM· v2 The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.