Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14MzRqLXd4cTgtN3Zjbc4AAb4d

High EPSS: 0.83448% (0.99233 Percentile) EPSS:
Permalink JSON

Umbraco CMS vulnerable to CSRF

Affected Packages Affected Versions Fixed Versions
nuget:Umbraco.CMS
PURL: pkg:nuget/Umbraco.CMS
< 7.4.0 7.4.0
46 Dependent packages
0 Dependent repositories
4,009,827 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.3.0, 9.3.1, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.5.0, 10.5.1, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.8.6, 10.8.7, 10.8.8, 10.8.9, 10.8.10, 10.8.11, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.2.2, 11.3.0, 11.3.1, 11.4.0, 11.4.1, 11.4.2, 11.5.0, 12.0.0, 12.0.1, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 12.3.8, 12.3.9, 12.3.10, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0, 13.1.1, 13.2.0, 13.2.1, 13.2.2, 13.3.0, 13.3.1, 13.3.2, 13.4.0, 13.4.1, 13.5.0, 13.5.1, 13.5.2, 13.5.3, 13.6.0, 13.7.0, 13.7.1, 13.7.2, 13.8.0, 13.8.1, 13.9.0, 13.9.1, 13.9.2, 13.9.3, 13.10.0, 14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.3.0, 14.3.1, 14.3.2, 14.3.3, 14.3.4, 15.0.0, 15.1.0, 15.1.1, 15.1.2, 15.2.0, 15.2.1, 15.2.2, 15.2.3, 15.3.0, 15.3.1, 15.4.0, 15.4.1, 15.4.2, 15.4.3, 15.4.4, 16.0.0, 16.1.0, 16.1.1, 16.2.0

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.

References:

Identifiers

GHSA-x34j-wxq8-7vcm

CVE-2015-8813

Risk

Severity

High

EPSS

EPSS Percentage: 0.83448

EPSS Percentile: 0.99233

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/umbraco/Umbraco-CMS

Date and time

Published

over 3 years ago

Updated

about 2 years ago

API

JSON