CVE-2021-47776

Medium CVSS: 6.9

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

Vendor

Umbraco

Product

Umbraco Cms

CWE

CWE-918

Yayın Tarihi

2026-01-15 16:16:09

Güncelleme

2026-01-23 18:06:44

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-918 Umbraco Cms MEDIUM Umbraco 2026

Referanslar

https://our.umbraco.com/ https://releases.umbraco.com/all-releases https://www.exploit-db.com/exploits/50462

Benzer Kayıtlar

Medium

CVE-2026-31832

Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability ex…

Medium

CVE-2026-31833

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Sett…

High

CVE-2026-31834

Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has been identi…

Medium

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authent…

High

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a…

Critical

CVE-2025-67288

An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a…