Vulnerabilites related to Umbraco - CMS
CVE-2024-10761 (GCVE-0-2024-10761)
Vulnerability from cvelistv5
Published
2024-11-04 05:00
Modified
2025-01-22 07:47
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Umbraco | CMS |
Version: 10.7.0 Version: 10.7.1 Version: 10.7.2 Version: 10.7.3 Version: 10.7.4 Version: 10.7.5 Version: 10.7.6 Version: 10.7.7 Version: 12.3.0 Version: 12.3.1 Version: 12.3.2 Version: 12.3.3 Version: 12.3.4 Version: 12.3.5 Version: 12.3.6 Version: 13.5.0 Version: 13.5.1 Version: 13.5.2 Version: 14.3.0 Version: 14.3.1 Version: 15.1.0 Version: 15.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T17:37:37.633206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T17:37:45.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Dashboard"
],
"product": "CMS",
"vendor": "Umbraco",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.7.1"
},
{
"status": "affected",
"version": "10.7.2"
},
{
"status": "affected",
"version": "10.7.3"
},
{
"status": "affected",
"version": "10.7.4"
},
{
"status": "affected",
"version": "10.7.5"
},
{
"status": "affected",
"version": "10.7.6"
},
{
"status": "affected",
"version": "10.7.7"
},
{
"status": "affected",
"version": "12.3.0"
},
{
"status": "affected",
"version": "12.3.1"
},
{
"status": "affected",
"version": "12.3.2"
},
{
"status": "affected",
"version": "12.3.3"
},
{
"status": "affected",
"version": "12.3.4"
},
{
"status": "affected",
"version": "12.3.5"
},
{
"status": "affected",
"version": "12.3.6"
},
{
"status": "affected",
"version": "13.5.0"
},
{
"status": "affected",
"version": "13.5.1"
},
{
"status": "affected",
"version": "13.5.2"
},
{
"status": "affected",
"version": "14.3.0"
},
{
"status": "affected",
"version": "14.3.1"
},
{
"status": "affected",
"version": "15.1.0"
},
{
"status": "affected",
"version": "15.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kushkira (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Umbraco CMS bis 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /Umbraco/preview/frame?id{} der Komponente Dashboard. Durch Beeinflussen des Arguments culture mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T07:47:21.294Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-282930 | Umbraco CMS Dashboard frame cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.282930"
},
{
"name": "VDB-282930 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.282930"
},
{
"name": "Submit #427091 | Umbraco Umbraco CMS Version 12.3.6 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.427091"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing"
},
{
"tags": [
"related"
],
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-69cg-w8vm-h229"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-11-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-22T08:52:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Umbraco CMS Dashboard frame cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10761",
"datePublished": "2024-11-04T05:00:06.691Z",
"dateReserved": "2024-11-03T07:39:15.951Z",
"dateUpdated": "2025-01-22T07:47:21.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-10054 (GCVE-0-2012-10054)
Vulnerability from cvelistv5
Published
2025-08-13 20:54
Modified
2025-08-14 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2012-10054",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T13:44:22.995765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T14:51:44.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20120707033729/http://blog.gdssecurity.com/labs/2012/7/3/find-bugs-faster-with-a-webmatrix-local-reference-instance.html"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"codeEditorSave.asmx SOAP endpoint"
],
"product": "CMS",
"vendor": "Umbraco",
"versions": [
{
"lessThan": "4.7.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Toby Clarke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUmbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the \u003ccode\u003ecodeEditorSave.asmx\u003c/code\u003e SOAP endpoint, which exposes a \u003ccode\u003eSaveDLRScript\u003c/code\u003e operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the \u003ccode\u003efileName\u003c/code\u003e parameter, attackers can write malicious ASPX scripts directly into the web-accessible \u003ccode\u003e/umbraco/\u003c/code\u003e directory and execute them remotely.\u003c/p\u003e"
}
],
"value": "Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T20:54:39.123Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/umbraco_upload_aspx.rb"
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/19671"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20120707033729/http://blog.gdssecurity.com/labs/2012/7/3/find-bugs-faster-with-a-webmatrix-local-reference-instance.html"
},
{
"tags": [
"product"
],
"url": "https://github.com/umbraco/Umbraco-CMS"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://web.archive.org/web/20111017174609/http://umbraco.codeplex.com/releases/view/73692"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/umbraco-cms-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Umbraco CMS \u003c 4.7.1 codeEditorSave.asmx RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2012-10054",
"datePublished": "2025-08-13T20:54:39.123Z",
"dateReserved": "2025-08-11T17:55:34.802Z",
"dateUpdated": "2025-08-14T14:51:44.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}