Umbraco — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting Umbraco. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Umbraco:Umbraco-CMS Umbraco.Forms.Issues Umbraco CMS CMS UmbracoIdentityExtensions Umbraco.Workflow.Issues Umbraco.Commerce.Issues Umbraco Forms Umbraco.Engage.Forms

CVE ID	Title	CVSS	Severity	Published
CVE-2024-35218	Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane — Umbraco-CMSCWE-79	4.2	Medium	2024-05-21
CVE-2024-34071	Open Redirect Bypass Protection — Umbraco-CMSCWE-601	6.1	Medium	2024-05-21
CVE-2024-32872	Umbraco Workflow's Backoffice users can execute arbitrary SQL — Umbraco.Workflow.IssuesCWE-89	5.5	Medium	2024-04-24
CVE-2024-29035	Umbraco's Blind SSRF Leads to Port Scan by using Webhooks — Umbraco-CMSCWE-918	4.1	Medium	2024-04-17
CVE-2024-28868	Umbraco possible user enumeration vulnerability — Umbraco-CMSCWE-204	3.7	Low	2024-03-20
CVE-2023-49279	Umbraco CMS vulnerable to stored XSS via SVG File Upload — Umbraco-CMSCWE-79	3.7	Low	2023-12-12
CVE-2023-49278	Umbraco CMS brute force exploit can be used to collect valid usernames — Umbraco-CMSCWE-200	5.3	Medium	2023-12-12
CVE-2023-49274	Umbraco CMS SMTP misconfiguration exposes potential registered user email — Umbraco-CMSCWE-200	3.7	Low	2023-12-12
CVE-2023-49273	Umbraco CMS vulnerable to Privilege Escalation using Spoofing — Umbraco-CMSCWE-863	5.4	Medium	2023-12-12
CVE-2023-49089	Umbraco CMS possible path traversal when creating packages from backoffice — Umbraco-CMSCWE-22	7.7	High	2023-12-12
CVE-2023-48313	Umbraco contains a DOM-XSS — Umbraco-CMSCWE-79	4.3	Medium	2023-12-12
CVE-2023-48227	Umbraco CMS Backoffice User can bypass "Publish" restriction — Umbraco-CMSCWE-863	4.3	Medium	2023-12-12
CVE-2023-38694	Umbraco CMS vulnerable to possible injection of HTML in an unintended form — Umbraco-CMSCWE-79	3.5	Low	2023-12-12
CVE-2023-37267	Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions — Umbraco-CMSCWE-284	7.5	High	2023-07-13
CVE-2023-32312	Client secret not mandatory in UmbracoIdentityExtensions — UmbracoIdentityExtensionsCWE-200	3.7	Low	2023-06-09
CVE-2022-22690	Umbraco Remote ApplicationURL Overwrite — Umbraco CMS	8.6	High	2022-01-18
CVE-2022-22691	Umbraco Password Reset URL Poison — Umbraco CMSCWE-640	6.8	Medium	2022-01-18

This page lists every published CVE security advisory associated with Umbraco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Umbraco — Vulnerabilities & Security Advisories 47