Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: umbraco Clear
ID Title
CVE-2026-46609 Cross-Site Scripting (XSS) in Umbraco.Cms (CVE-2026-46609)
cross-site scripting in Umbraco.Cms (CVE-2026-46609). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.4.0` or later.
CVE-2026-46616 Open Redirect in Umbraco.Cms (CVE-2026-46616)
vulnerability in Umbraco.Cms (CVE-2026-46616). Risk of unauthorized operations or information disclosure. Exploitable via ``UmbLoginStatusController``. Mitigation: upgrade to `17.4.0` or later.
CVE-2025-67288 Unrestricted File Upload in umbraco (CVE-2025-67288)
vulnerability in umbraco (CVE-2025-67288). Successful exploitation can lead to full system takeover.
CVE-2024-55488 Cross-Site Scripting (XSS) in umbraco (CVE-2024-55488)
cross-site scripting in umbraco (CVE-2024-55488). Risk of unauthorized operations or information disclosure.
CVE-2021-33224 Unrestricted File Upload in umbraco (CVE-2021-33224)
vulnerability in umbraco (CVE-2021-33224). Successful exploitation can lead to full system takeover.
CVE-2017-15279 Cross-Site Scripting (XSS) in umbraco (CVE-2017-15279)
cross-site scripting in umbraco (CVE-2017-15279). Risk of unauthorized operations or information disclosure.
CVE-2017-15280 XXE (XML External Entity) in ssrf (CVE-2017-15280)
vulnerability in ssrf (CVE-2017-15280). Confidential information can be exposed externally.
CVE-2012-1301 Vulnerability in umbraco (CVE-2012-1301)
vulnerability in umbraco (CVE-2012-1301). Successful exploitation can lead to full system takeover.
CVE-2015-8813 SSRF (Server-Side Request Forgery) in ssrf (CVE-2015-8813)
SSRF in ssrf (CVE-2015-8813). Data can be tampered with by attackers.
CVE-2015-8814 Cross-Site Request Forgery (CSRF) in csrf (CVE-2015-8814)
vulnerability in csrf (CVE-2015-8814). Successful exploitation can lead to full system takeover.
CVE-2015-8815 Cross-Site Scripting (XSS) in umbraco (CVE-2015-8815)
cross-site scripting in umbraco (CVE-2015-8815). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →