Umbraco Cms vulnerabilities
57 known vulnerabilities affecting umbraco/umbraco_cms.
Total CVEs
57
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH8MEDIUM43LOW1
Vulnerabilities
Page 1 of 3
CVE-2012-10054P2CRITICALCVSS 9.8PoCfixed in 4.7.12025-08-13
CVE-2012-10054 [CRITICAL] CWE-22 CVE-2012-10054: Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly i
nvd
CVE-2020-5811P3MEDIUMCVSS 6.5PoC≤ 8.9.12020-12-30
CVE-2020-5811 [MEDIUM] CWE-22 CVE-2020-5811: An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
nvd
CVE-2025-67288P3CRITICALCVSS 10.0v16.3.32025-12-22
CVE-2025-67288 [CRITICAL] CVE-2025-67288: An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbra
nvd
CVE-2025-32017P3HIGHCVSS 8.8≥ 14.0.0, < 14.3.4≥ 15.0.0, < 15.3.12025-04-08
CVE-2025-32017 [HIGH] CWE-23 CVE-2025-32017: Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.
nvd
CVE-2020-9471P3HIGHCVSS 8.8v8.5.32020-03-16
CVE-2020-9471 [HIGH] CWE-434 CVE-2020-9471: Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.
nvd
CVE-2012-1301P3CRITICALCVSS 9.8v4.7.02017-04-13
CVE-2012-1301 [CRITICAL] CWE-20 CVE-2012-1301: The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
nvd
CVE-2014-10074P3CRITICALCVSS 9.8fixed in 7.2.02018-08-27
CVE-2014-10074 [CRITICAL] CWE-434 CVE-2014-10074: Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umb
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
nvd
CVE-2023-37267P3CRITICALCVSS 9.8≥ 10.0.0, < 10.6.1≥ 11.0.0, < 11.4.2+1 more2023-07-13
CVE-2023-37267 [CRITICAL] CWE-284 CVE-2023-37267: Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users ac
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
nvd
CVE-2020-5810P3MEDIUMCVSS 5.4≤ 8.9.12020-12-30
CVE-2020-5810 [MEDIUM] CWE-79 CVE-2020-5810: A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authoriz
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
nvd
CVE-2019-25137P3HIGHCVSS 7.2≥ 4.11.8, ≤ 7.15.102023-05-18
CVE-2019-25137 [HIGH] CWE-91 CVE-2019-25137: Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated admini
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
nvd
CVE-2026-31834P3HIGHCVSS 7.2≥ 15.3.1, < 16.5.1≥ 17.0.0, < 17.2.22026-03-10
CVE-2026-31834 [HIGH] CWE-269 CVE-2026-31834: Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerabi
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identified in Umbraco CMS. Under certain conditions, authenticated backoffice users with permission to manage users, may be able to elevate their privileges due to insufficient authorization enforcement when modifying user group membership
nvd
CVE-2013-4793P3HIGHCVSS 7.5≤ 6.0.32014-12-27
CVE-2013-4793 [HIGH] CWE-287 CVE-2013-4793: The update function in umbraco.webservices/templates/templateService.cs in the TemplateService compo
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
nvd
CVE-2024-47819P3HIGHCVSS 8.7≥ 14.0.0, < 14.3.12024-10-22
CVE-2024-47819 [HIGH] CWE-79 CVE-2024-47819: Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerabi
Umbraco, a free and open source .NET content management system, has a cross-site scripting vulnerability starting in version 14.0.0 and prior to versions 14.3.1 and 15.0.0. This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant the
nvd
CVE-2022-22690P3HIGHCVSS 7.5fixed in 9.2.0≥ unspecified, < 9.2.02022-01-18
CVE-2022-22690 [HIGH] CWE-444 CVE-2022-22690: Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationU
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the administrator invites users to the site. For Umbraco versio
nvd
CVE-2026-31833P3MEDIUMCVSS 6.7≥ 16.2.0, < 16.5.1≥ 17.0.0, < 17.2.22026-03-10
CVE-2026-31833 [MEDIUM] CWE-79 CVE-2026-31833: Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user
Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration (/.+/) in the UFM DOMPurify instance, event handler attributes such as onclick and onload, when used within
nvd
CVE-2020-9472P3MEDIUMCVSS 6.5v8.5.32020-03-16
CVE-2020-9472 [MEDIUM] CWE-434 CVE-2020-9472: Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via t
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
nvd
CVE-2022-22691P3HIGHCVSS 7.4fixed in 9.2.02022-01-18
CVE-2022-22691 [HIGH] CVE-2022-22691: The password reset component deployed within Umbraco uses the hostname supplied within the request h
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2
nvd
CVE-2024-48925P3MEDIUMCVSS 6.5≥ 14.0.0, < 14.3.02024-10-22
CVE-2024-48925 [MEDIUM] CWE-284 CVE-2024-48925: Umbraco, a free and open source .NET content management system, has an improper access control issue
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch.
nvd
CVE-2025-27602P3MEDIUMCVSS 6.4fixed in 10.8.9≥ 11.0.0, < 13.7.12025-03-11
CVE-2025-27602 [MEDIUM] CWE-285 CVE-2025-27602: Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backo
Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is pa
nvd
CVE-2023-49089P3MEDIUMCVSS 6.5≥ 8.0.0, < 8.18.10≥ 10.0.0, < 10.8.1+1 more2023-12-12
CVE-2023-49089 [MEDIUM] CWE-22 CVE-2023-49089: Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versio
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue.
nvd
1 / 3Next →