Search for packages
| purl | pkg:nuget/UmbracoCms@9.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s3pr-pezb-4qf4
Aliases: CVE-2023-48227 GHSA-335x-5wcm-8jv2 |
Incorrect Authorization Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contains a patch for this issue. No known workarounds are available. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wtw6-zcw6-2yd2
Aliases: CVE-2023-38694 GHSA-xxc6-35r7-796w |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:46:33.843326+00:00 | GitLab Importer | Affected by | VCID-wtw6-zcw6-2yd2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/UmbracoCms/CVE-2023-38694.yml | 38.6.0 |
| 2026-06-02T04:46:33.643212+00:00 | GitLab Importer | Affected by | VCID-s3pr-pezb-4qf4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/UmbracoCms/CVE-2023-48227.yml | 38.6.0 |