Umbraco.cms.core
This hub aggregates every CVE we track for Umbraco.cms.core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM6HIGH2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 8 most recently published vulnerabilities affecting Umbraco.cms.core.
- CVE-2024-35218Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane4.2
- CVE-2024-34071Open Redirect Bypass Protection 6.1
- CVE-2024-29035Umbraco's Blind SSRF Leads to Port Scan by using Webhooks4.1
- CVE-2022-22690Umbraco Remote ApplicationURL Overwrite8.6
- CVE-2022-22691Umbraco Password Reset URL Poison6.8
- CVE-2020-5809A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor...5.4
- CVE-2020-9471Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.8.8
- CVE-2020-7210Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.4.3
Product normalization is registry-driven with AI assist and human review. How it works