| CVE-2022-22691 |
BDSA-2022-0144 |
High |
Jan 18, 2022 |
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It m
more...
The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.
less...
|
8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7, 8.18.6, 7.15.10, 7.15.9
|
| CVE-2022-22690 |
BDSA-2022-0152 |
High |
Jan 18, 2022 |
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to bui
more...
Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. For example, when a user resets their password and the application builds a password reset URL or when the administrator invites users to the site. For Umbraco versions less than 9.2.0, if the Application URL is not specifically configured, the attacker can manipulate this value and store it persistently affecting all users for components where the "UmbracoApplicationUrl" is used. For example, the attacker is able to change the URL users receive when resetting their password so that it points to the attackers server, when the user follows this link the reset token can be intercepted by the attacker resulting in account takeover.
less...
|
8.18.12, 8.18.11, 8.18.10, 7.15.11, 8.18.9, 8.18.8, 8.18.7, 8.18.6, 7.15.10, 7.15.9
|
| BDSA-2021-3281 |
|
High |
Nov 01, 2021 |
Umbraco is vulnerable to server side request forgery (SSRF). A remote attacker could use multiple endpoints to submit requests to the local network tha
more...
Umbraco is vulnerable to server side request forgery (SSRF). A remote attacker could use multiple endpoints to submit requests to the local network that the Umbraco host is connected to.
less...
|
|
| BDSA-2020-3953 |
|
Low |
Dec 31, 2020 |
Umbraco content management system (CMS) contains a path traversal vulnerability during the package installation process. An attacker could exploit this
more...
Umbraco content management system (CMS) contains a path traversal vulnerability during the package installation process. An attacker could exploit this flaw to cause arbitrary file writes on the server.
less...
|
|
| BDSA-2020-3952 |
|
High |
Dec 31, 2020 |
Umbraco content management system (CMS) contains a stored cross-site scripting (XSS) vulnerability due to an absence of correct parameter input validat
more...
Umbraco content management system (CMS) contains a stored cross-site scripting (XSS) vulnerability due to an absence of correct parameter input validation. A remote attacker could insert JavaScript code and steal a victim's session tokens, cookies, or other sensitive information.
less...
|
|
| BDSA-2020-3950 |
|
High |
Dec 31, 2020 |
Umbraco CMS has a stored cross-site scripting (XSS) vulnerability due to an absence of correct parameter input validation. A remote attacker could inse
more...
Umbraco CMS has a stored cross-site scripting (XSS) vulnerability due to an absence of correct parameter input validation. A remote attacker could insert JavaScript code and steal a victim's session tokens, cookies, or other sensitive information.
less...
|
|
