Umbraco CMS 8.14.1
Approved changes feed: RSS · Atom
cpe:2.3:a:umbraco:umbraco_cms:8.14.1:*:*:*:*:*:*:*
part: a version: 8.14.1 update: *
| Vendor | Umbraco (89be0333-81fe-5eb9-9281-55a77e50e27f) |
|---|---|
| Product | Umbraco Cms (8f213959-af43-58a2-84af-fba3fcb81e76) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/umbraco/umbraco-cms |
purl2cpe | 2026-06-01 10:16:10.007721 |
pkg:nuget/UmbracoCms.Core |
purl2cpe | 2026-06-01 10:16:10.007724 |
pkg:nuget/UmbracoCms.Web |
purl2cpe | 2026-06-01 10:16:10.007726 |
pkg:nuget/umbracoCms |
purl2cpe | 2026-06-01 10:16:10.007723 |
pkg:sourceforge/umbraco |
purl2cpe | 2026-06-01 10:16:10.007727 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-47776 |
vulnerable | 2026-06-08 05:38:07.611318 |
Umbraco v8.14.1 - 'baseUrl' SSRF
MEDIUM (5.3)
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.
Published: 2026-01-15T15:52:13.737Z
Updated: 2026-04-07T14:06:05.989Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.