CVE-2025-47280
- EPSS 0.05%
- Veröffentlicht 13.05.2025 17:16:04
- Zuletzt bearbeitet 22.05.2025 18:44:42
Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent ...
CVE-2025-23041
- EPSS 0.15%
- Veröffentlicht 14.01.2025 19:15:44
- Zuletzt bearbeitet 19.09.2025 18:54:19
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 1...
CVE-2024-35239
- EPSS 0.34%
- Veröffentlicht 28.05.2024 21:16:31
- Zuletzt bearbeitet 21.11.2024 09:20:00
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowU...