@umbraco-cms/backoffice
This package contains the types for the Umbraco Backoffice.
Security Advisories for @umbraco-cms/backoffice in npm
Potential
Moderate
10 months ago
Umbraco Delivery API allows for cached requests to be returned with an invalid API key
nuget
Umbraco.Cms.Api.Delivery
Potential
Potential
Moderate
12 months ago
Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads
nuget
Umbraco.Cms
Potential
Moderate
about 1 year ago
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response
nuget
Umbraco.Cms
Potential
High
about 1 year ago
Umbraco has a Management API Vulnerability to Path Traversal With Authenticated Users
nuget
Umbraco.Cms
Potential
Moderate
about 1 year ago
Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content
nuget
Umbraco.Cms.Web.Backoffice
Potential
Moderate
about 1 year ago
Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
nuget
Umbraco.Cms.Api.Management
Potential
Moderate
over 1 year ago
XSS/HTML Injection Vulnerability in Umbraco Preview Badge
nuget
Umbraco.Cms
Potential
Moderate
over 1 year ago
Umbraco Allows User Enumeration Feasible Based On Management API Timing and Response Codes
nuget
Umbraco.Cms
Moderate
over 1 year ago
XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
npm, nuget
@umbraco-cms/backoffice, Umbraco.Cms.StaticAssets
Potential
Moderate
over 1 year ago
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
nuget
Umbraco.CMS
Potential
Moderate
over 1 year ago
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
nuget
Umbraco.Cms, UmbracoCms
Potential
Moderate
over 1 year ago
Umbraco CMS logout page displayed before session expiration
nuget
UmbracoCMS, Umbraco.CMS
Potential
Low
over 1 year ago
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
nuget
Umbraco.CMS
Moderate
over 1 year ago
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
npm, nuget
@umbraco-cms/backoffice, Umbraco.Cms.StaticAssets
Potential
Potential
Moderate
almost 2 years ago
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
nuget
Umbraco.Cms.Api.Management
Potential
Moderate
about 2 years ago
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
nuget
UmbracoCms.Core
Potential
Moderate
about 2 years ago
Umbraco CMS Open Redirect Bypass Protection
nuget
Umbraco.Cms.Web.BackOffice, UmbracoCms.Core
Potential
Moderate
about 2 years ago
Blind SSRF Leads to Port Scan by using Webhooks
nuget
Umbraco.Cms.Web.BackOffice, Umbraco.Cms.Core
Potential
Potential
Potential
Potential
Low
over 2 years ago
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
nuget
Umbraco.CMS
Potential
Potential
Low
over 2 years ago
Using the directory back payload (โ/../โ) in a package name allows placement of package in other folders.
nuget
Umbraco.CMS
Potential
Potential
Potential
Potential
High
almost 3 years ago
Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions
nuget
Umbraco.Cms.Web.BackOffice, Umbraco.Cms.Infrastructure
Potential
Potential
Potential
Potential
Potential