Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

nuget Umbraco.CMS Security Advisories

Low
GSA_kwCzR0hTQS02eG14LTg1eDMtNGN2Ms4AA3ug
Stored XSS via SVG File Upload
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS03eDc0LWg4Y3ctcWh4cc4AA3uf
Brute force exploit can be used to collect valid usernames
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS04cXA4LTlycHctajQ2Y84AA3ue
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jZnI1LTdwNTQtNHFnOM4AA3ud
Privilege Escalation using Spoofing
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS02MzI0LTUycHItaDRwNc4AA3uc
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12OThtLTM5OHgtMjY5cs4AA3ub
DOM-XSS on Backoffice login screen.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zMzV4LTV3Y20tOGp2Ms4AA3ua
Backoffice User can bypass "Publish" restriction
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS14eGM2LTM1cjctNzk2d84AA3uY
Possible injection of HTML into user invite mails
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS14MzRqLXd4cTgtN3Zjbc4AAb4d
Umbraco CMS vulnerable to CSRF
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01ZjZwLTRoeHEtcmp4bc4AAb4c
Umbraco CMS vulnerable to CSRF
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 1
Ecosystems: 12