pkg:NuGet/Umbraco.CMS

All known vulnerabilities

• HIGH8.8CVE-2015-8814Umbraco CMS vulnerable to CSRF
  from 0, < 7.4.0
• HIGH8.2CVE-2015-8813Umbraco CMS vulnerable to CSRF
  from 0, < 7.4.0
• MEDIUM5.4CVE-2023-49273Privilege Escalation using Spoofing
  >= 8.0.0, < 8.18.10
• MEDIUM4.3DOM-XSS on Backoffice login screen.
  >= 10.0.0, < 10.8.1
• MEDIUM4.2Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
  >= 13.0.0, < 13.5.2
• MEDIUM4.2Umbraco CMS logout page displayed before session expiration
  >= 13.0.0, < 13.5.2
• LOW3.7SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
  >= 8.0.0, < 8.18.10
• NONE0.0Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
  >= 14.0.0, < 14.3.0
• NONE0.0Stored XSS via SVG File Upload
  >= 7.0.0, < 7.15.11
• NONE0.0Brute force exploit can be used to collect valid usernames
  >= 8.0.0, < 8.18.10
• NONE0.0Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
  >= 8.0.0, < 8.18.10
• NONE0.0Backoffice User can bypass "Publish" restriction
  >= 8.0.0, < 8.18.10
• NONE0.0Possible injection of HTML into user invite mails
  >= 8.0.0, < 8.18.10