umbraco — Vulnerabilities & Security Advisories (47)

Browse all 47 CVE security advisories affecting umbraco. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Umbraco is an open-source .NET content management system designed for building and managing digital experiences. Its architecture relies heavily on ASP.NET, making it a frequent target for web application attacks. Historically, the platform has been vulnerable to critical flaws, including Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from insufficient input validation or insecure default configurations. Privilege escalation vulnerabilities have also been documented, allowing attackers to gain administrative access through manipulated requests. While the core framework is robust, many security incidents involve third-party packages or custom implementations that fail to adhere to secure coding standards. Recent advisories highlight the importance of keeping the CMS and its extensions updated to mitigate known risks. The high number of recorded CVEs underscores the necessity for rigorous patch management and security auditing in Umbraco deployments to prevent exploitation of these persistent weaknesses.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-35218 | Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane | Umbraco-CMS | CWE-79 | 4.2 | Medium | 2024-05-21 |
| CVE-2024-34071 | Open Redirect Bypass Protection | Umbraco-CMS | CWE-601 | 6.1 | Medium | 2024-05-21 |
| CVE-2024-32872 | Umbraco Workflow's Backoffice users can execute arbitrary SQL | Umbraco.Workflow.Issues | CWE-89 | 5.5 | Medium | 2024-04-24 |
| CVE-2024-29035 | Umbraco's Blind SSRF Leads to Port Scan by using Webhooks | Umbraco-CMS | CWE-918 | 4.1 | Medium | 2024-04-17 |
| CVE-2024-28868 | Umbraco possible user enumeration vulnerability | Umbraco-CMS | CWE-204 | 3.7 | Low | 2024-03-20 |
| CVE-2023-49279 | Umbraco CMS vulnerable to stored XSS via SVG File Upload | Umbraco-CMS | CWE-79 | 3.7 | Low | 2023-12-12 |
| CVE-2023-49278 | Umbraco CMS brute force exploit can be used to collect valid usernames | Umbraco-CMS | CWE-200 | 5.3 | Medium | 2023-12-12 |
| CVE-2023-49274 | Umbraco CMS SMTP misconfiguration exposes potential registered user email | Umbraco-CMS | CWE-200 | 3.7 | Low | 2023-12-12 |
| CVE-2023-49273 | Umbraco CMS vulnerable to Privilege Escalation using Spoofing | Umbraco-CMS | CWE-863 | 5.4 | Medium | 2023-12-12 |
| CVE-2023-49089 | Umbraco CMS possible path traversal when creating packages from backoffice | Umbraco-CMS | CWE-22 | 7.7 | High | 2023-12-12 |
| CVE-2023-48313 | Umbraco contains a DOM-XSS | Umbraco-CMS | CWE-79 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-48227 | Umbraco CMS Backoffice User can bypass "Publish" restriction | Umbraco-CMS | CWE-863 | 4.3 | Medium | 2023-12-12 |
| CVE-2023-38694 | Umbraco CMS vulnerable to possible injection of HTML in an unintended form | Umbraco-CMS | CWE-79 | 3.5 | Low | 2023-12-12 |
| CVE-2023-37267 | Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions | Umbraco-CMS | CWE-284 | 7.5 | High | 2023-07-13 |
| CVE-2023-32312 | Client secret not mandatory in UmbracoIdentityExtensions | UmbracoIdentityExtensions | CWE-200 | 3.7 | Low | 2023-06-09 |
| CVE-2022-22690 | Umbraco Remote ApplicationURL Overwrite | Umbraco CMS | | 8.6 | High | 2022-01-18 |
| CVE-2022-22691 | Umbraco Password Reset URL Poison | Umbraco CMS | CWE-640 | 6.8 | Medium | 2022-01-18 |

This page lists every published CVE security advisory associated with umbraco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.