{"url":"http://public2.vulnerablecode.io/api/packages/393904?format=json","purl":"pkg:nuget/UmbracoCms@12.0.0","type":"nuget","namespace":"","name":"UmbracoCms","version":"12.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357596?format=json","vulnerability_id":"VCID-3fnx-z8g8-dbey","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49274","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59109","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59222","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59233","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59224","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49274"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-8qp8-9rpw-j46c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49274","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49274"},{"reference_url":"https://github.com/advisories/GHSA-8qp8-9rpw-j46c","reference_id":"GHSA-8qp8-9rpw-j46c","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8qp8-9rpw-j46c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394869?format=json","purl":"pkg:nuget/UmbracoCms@12.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4"}],"aliases":["CVE-2023-49274","GHSA-8qp8-9rpw-j46c"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fnx-z8g8-dbey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357535?format=json","vulnerability_id":"VCID-4stn-uwjg-gbbe","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49089","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36592","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36772","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36796","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36785","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49089"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6324-52pr-h4p5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49089","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49089"},{"reference_url":"https://github.com/advisories/GHSA-6324-52pr-h4p5","reference_id":"GHSA-6324-52pr-h4p5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6324-52pr-h4p5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394866?format=json","purl":"pkg:nuget/UmbracoCms@12.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.0"}],"aliases":["CVE-2023-49089","GHSA-6324-52pr-h4p5"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4stn-uwjg-gbbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357595?format=json","vulnerability_id":"VCID-5uh6-snst-nfhn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49273","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50178","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50312","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50331","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50316","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49273"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-cfr5-7p54-4qg8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49273","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49273"},{"reference_url":"https://github.com/advisories/GHSA-cfr5-7p54-4qg8","reference_id":"GHSA-cfr5-7p54-4qg8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cfr5-7p54-4qg8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394869?format=json","purl":"pkg:nuget/UmbracoCms@12.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4"}],"aliases":["CVE-2023-49273","GHSA-cfr5-7p54-4qg8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5uh6-snst-nfhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138481?format=json","vulnerability_id":"VCID-eqxs-fazc-gbaq","summary":"Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37267","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62222","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62331","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62324","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62335","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37267","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37267"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e","reference_id":"1f26f2c6f3428833892cde5c6d8441fb041e410e","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-31T17:43:26Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/commit/1f26f2c6f3428833892cde5c6d8441fb041e410e"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569","reference_id":"20a4e475c8d7b91d263e4e103ef19f3644e7b569","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-31T17:43:26Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/commit/20a4e475c8d7b91d263e4e103ef19f3644e7b569"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed","reference_id":"82eae48d098b9deecbdf86cf288b2b18020e1fed","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-31T17:43:26Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/commit/82eae48d098b9deecbdf86cf288b2b18020e1fed"},{"reference_url":"https://github.com/advisories/GHSA-h8wc-r4jh-mg7m","reference_id":"GHSA-h8wc-r4jh-mg7m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h8wc-r4jh-mg7m"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m","reference_id":"GHSA-h8wc-r4jh-mg7m","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-31T17:43:26Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-h8wc-r4jh-mg7m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/393907?format=json","purl":"pkg:nuget/UmbracoCms@12.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.0.1"}],"aliases":["CVE-2023-37267","GHSA-h8wc-r4jh-mg7m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqxs-fazc-gbaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133103?format=json","vulnerability_id":"VCID-gqh7-fa7d-qfh3","summary":"Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49278","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5514","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.55127","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.55002","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.55123","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49278"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49278","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49278"},{"reference_url":"https://github.com/advisories/GHSA-7x74-h8cw-qhxq","reference_id":"GHSA-7x74-h8cw-qhxq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7x74-h8cw-qhxq"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq","reference_id":"GHSA-7x74-h8cw-qhxq","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-06T16:27:06Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-7x74-h8cw-qhxq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394869?format=json","purl":"pkg:nuget/UmbracoCms@12.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4"}],"aliases":["CVE-2023-49278","GHSA-7x74-h8cw-qhxq"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqh7-fa7d-qfh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146226?format=json","vulnerability_id":"VCID-vsxv-ychc-rfc9","summary":"Umbraco is an ASP.NET content management system (CMS).  Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48313","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69254","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.6926","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69162","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69266","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48313"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48313","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48313"},{"reference_url":"https://github.com/advisories/GHSA-v98m-398x-269r","reference_id":"GHSA-v98m-398x-269r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v98m-398x-269r"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r","reference_id":"GHSA-v98m-398x-269r","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-28T14:45:15Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-v98m-398x-269r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394869?format=json","purl":"pkg:nuget/UmbracoCms@12.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.3.4"}],"aliases":["CVE-2023-48313","GHSA-v98m-398x-269r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsxv-ychc-rfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133239?format=json","vulnerability_id":"VCID-y3tm-3gce-wbgz","summary":"Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from an different host (e.g cdn) than where Umbraco is hosted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49279","reference_id":"","reference_type":"","scores":[{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63976","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63988","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63874","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00446","scoring_system":"epss","scoring_elements":"0.63991","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49279"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49279","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49279"},{"reference_url":"https://github.com/advisories/GHSA-6xmx-85x3-4cv2","reference_id":"GHSA-6xmx-85x3-4cv2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xmx-85x3-4cv2"},{"reference_url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2","reference_id":"GHSA-6xmx-85x3-4cv2","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-28T14:43:05Z/"}],"url":"https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-6xmx-85x3-4cv2"},{"reference_url":"https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation","reference_id":"serverside-file-validation","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-28T14:43:05Z/"}],"url":"https://docs.umbraco.com/umbraco-cms/reference/security/serverside-file-validation"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394877?format=json","purl":"pkg:nuget/UmbracoCms@12.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.2.0"}],"aliases":["CVE-2023-49279","GHSA-6xmx-85x3-4cv2"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3tm-3gce-wbgz"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/UmbracoCms@12.0.0"}