Umbraco Cms vulnerabilities
2 known vulnerabilities affecting umbraco/cms.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2012-10054P2CRITICALCVSS 9.8PoCfixed in 4.7.12025-08-13
CVE-2012-10054 [CRITICAL] CWE-22 CVE-2012-10054: Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly i
nvd
CVE-2024-10761P4MEDIUMCVSS 5.4v10.7.0v10.7.1+20 more2024-11-04
CVE-2024-10761 [MEDIUM] CWE-79 CVE-2024-10761: A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been class
A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit
nvd