Vulnerabilidades en umbraco
49 resultadosCVE-2023-49279LOWUmbraco CMS vulnerable to stored XSS via SVG File UploadEPSS 0.4%CVE-2024-48925NONEUmbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook APIEPSS 0.4%CVE-2024-34071MEDIUMOpen Redirect Bypass Protection EPSS 0.4%CVE-2023-49273MEDIUMUmbraco CMS vulnerable to Privilege Escalation using SpoofingEPSS 0.4%CVE-2025-23041MEDIUMShort and Long Answer Fields Are Not Validated Server-Side For Maximum Length in Umbraco.FormsEPSS 0.4%CVE-2024-43376MEDIUMUmbraco CMS vulnerable to Generation of Error Message Containing Sensitive InformationEPSS 0.4%CVE-2026-27449HIGHUmbraco.Engage.Forms Allows Unauthorized Access to Multiple API EndpointsEPSS 0.4%CVE-2024-35218MEDIUMUmbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview PaneEPSS 0.4%CVE-2021-47776MEDIUMUmbraco v8.14.1 - 'baseUrl' SSRFEPSS 0.3%CVE-2024-35239LOWStored Cross-site Scripting on Components of Umbraco FormsEPSS 0.3%CVE-2024-47819MEDIUMUmbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary sectionEPSS 0.3%CVE-2025-54425MEDIUMUmbraco's Delivery API allows for cached requests to be returned with an invalid API keyEPSS 0.3%CVE-2025-46736MEDIUMUmbraco Makes User Enumeration Feasible Based on Timing of Login ResponseEPSS 0.3%CVE-2025-66625MEDIUMUmbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import FunctionalityEPSS 0.3%CVE-2025-27601MEDIUMUmbraco Allows Improper API Access Control to Low-Privilege Users to Data Type FunctionalityEPSS 0.3%CVE-2025-49147MEDIUMUmbraco.Cms Vulnerable to Disclosure of Configured Password RequirementsEPSS 0.3%CVE-2024-35240MEDIUMStored Cross-site Scripting on Print Functionality in Umbraco CommerceEPSS 0.3%CVE-2025-27602MEDIUMUmbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized ContentEPSS 0.3%CVE-2026-31833MEDIUMUmbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute FilteringEPSS 0.3%CVE-2025-24012MEDIUMUmbraco Backoffice Components Have XSS/HTML Injection VulnerabilityEPSS 0.3%