CVE-2025-47280
- EPSS 0.05%
- Veröffentlicht 13.05.2025 17:16:04
- Zuletzt bearbeitet 22.05.2025 18:44:42
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent ...
CVE-2025-23041
- EPSS 0.15%
- Veröffentlicht 14.01.2025 19:15:44
- Zuletzt bearbeitet 19.09.2025 18:54:19
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 1...
CVE-2021-33224
- EPSS 0.49%
- Veröffentlicht 24.02.2023 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:08:33
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
CVE-2020-7685
- EPSS 0.45%
- Veröffentlicht 28.07.2020 17:15:15
- Zuletzt bearbeitet 21.11.2024 05:37:36
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a ...