GCVE - cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Umbraco (`89be0333-81fe-5eb9-9281-55a77e50e27f`)
Product	Umbraco (`8ff523e0-d6f1-5ed0-a608-c2f722d82ed6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/umbraco/umbraco-cms`	purl2cpe	2026-06-01 10:16:10.187737
`pkg:nuget/UmbracoCms`	purl2cpe	2026-06-01 10:16:10.187739

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-47776`	vulnerable	2026-06-08 05:38:07.609334	Umbraco v8.14.1 - 'baseUrl' SSRF MEDIUM (5.3) Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts. Published: 2026-01-15T15:52:13.737Z Updated: 2026-04-07T14:06:05.989Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/50462 https://our.umbraco.com/ https://releases.umbraco.com/all-releases	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8815`	vulnerable	2026-06-08 05:07:04.948055	Details available Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. Published: 2017-03-03T16:00:00.000Z Updated: 2024-08-06T08:29:22.011Z Open on db.gcve.eu Reference links http://issues.umbraco.org/issue/U4-7461 http://www.openwall.com/lists/oss-security/2016/02/16/10	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8813`	vulnerable	2026-06-08 05:07:04.945866	Details available The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. Published: 2017-03-03T16:00:00.000Z Updated: 2024-08-06T08:29:22.011Z Open on db.gcve.eu Reference links http://issues.umbraco.org/issue/U4-7457 http://www.openwall.com/lists/oss-security/2016/02/17/1 http://www.openwall.com/lists/oss-security/2016/02/18/8 http://www.openwall.com/lists/oss-security/2016/02/17/5 https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.