| Identifier | BDSA | Severity | Published | Description | Affected versions |
|---|---|---|---|---|---|
| CVE-2026-46616 | | Medium | Jun 10, 2026 | Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers provided in the CMS to support member-related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. This issue has been patched in versions 13.14.0 and 17.4.0. | 8.18.15, 8.18.14, 8.18.13, 8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7 |
| CVE-2025-46736 | BDSA-2025-3868 | Medium | May 06, 2025 | Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post-login API responses, it is possible to determine whether an account exists. The issue is patched in versions 10.8.10 and 13.8.1. No known workarounds are available. | 8.18.15, 8.18.14, 8.18.13, 8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7 |
| CVE-2025-27602 | BDSA-2025-2037 | Medium | Mar 11, 2025 | Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it is possible for authenticated backoffice users to retrieve or delete content or media held within folders the editor does not have access to. The issue is patched in versions 10.8.9 and 13.7.1. No known workarounds are available. | 8.18.15, 8.18.14, 8.18.13, 8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7 |
| CVE-2025-27601 | BDSA-2025-2036 | Medium | Mar 11, 2025 | Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. The issue is patched in versions 15.2.3 and 14.3.3. No known workarounds are available. | 8.18.15, 8.18.14, 8.18.13, 8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7 |
| CVE-2022-22691 | BDSA-2022-0144 | High | Jan 18, 2022 | The password reset component deployed within Umbraco uses the hostname supplied in the request Host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users so that it points to the attacker's server, thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent, so that all password reset URLs are affected following a successful attack. See the AppCheck advisory for further information and associated caveats. | 8.18.15, 8.18.14, 8.18.13, 8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7 |
| CVE-2022-22690 | BDSA-2022-0152 | High | Jan 18, 2022 | Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site, for example when a user resets their password and the application builds a password reset URL, or when the administrator invites users to the site. For Umbraco versions earlier than 9.2.0, if the Application URL is not explicitly configured, an attacker can manipulate this value and store it persistently, affecting all users for components where "UmbracoApplicationUrl" is used. For example, the attacker is able to change the URL users receive when resetting their password so that it points to the attacker's server; when the user follows this link the reset token can be intercepted by the attacker, resulting in account takeover. | 8.18.15, 8.18.14, 8.18.13, 8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7 |
| | BDSA-2025-75404 | High | Dec 23, 2025 | Umbraco CMS is vulnerable to stored cross-site scripting (XSS) due to improper sanitization of JavaScript embedded in PDF files that have been uploaded via the media section. This could allow an attacker to execute arbitrary JavaScript code within the context of the victim's browser. | |
| | BDSA-2025-5534 | Medium | Jun 25, 2025 | Umbraco is vulnerable to information disclosure due to improper handling of password configuration data in an anonymously accessible endpoint. This could allow an attacker to gain insights into password requirements, potentially aiding brute force attacks. **Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).** | |
| | BDSA-2025-2874 | Low | Apr 09, 2025 | Umbraco is vulnerable to path traversal due to improper handling of file uploads in the management API. This could allow an attacker to upload files to unauthorized locations, potentially leading to unauthorized file access or manipulation. **Note: The authoring of this BDSA has been AI-assisted. The full technical details of the vulnerability have not been independently verified by the Black Duck Cybersecurity Research Center (CyRC).** | |
| | BDSA-2025-0604 | High | Jan 24, 2025 | A stored cross-site scripting (XSS) vulnerability in Umbraco CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. **Note: CVE details have been utilized in generating this advisory. The details of the vulnerability have not been independently verified by Black Duck CyRC.** | |