GHSA-x34j-wxq8-7vcm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x34j-wxq8-7vcm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x34j-wxq8-7vcm/GHSA-x34j-wxq8-7vcm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x34j-wxq8-7vcm
- Aliases
-
- CVE-2015-8813
- Published
- 2022-05-17T02:56:23Z
- Modified
- 2023-11-08T03:58:03.196383Z
- Severity
-
- 8.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N CVSS Calculator
- Summary
- Umbraco CMS vulnerable to CSRF
- Details
-
The
Page_Loadfunction in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. - Database specific
{ "github_reviewed": true, "github_reviewed_at": "2023-08-03T22:13:29Z", "nvd_published_at": "2017-03-03T16:59:00Z", "severity": "HIGH", "cwe_ids": [ "CWE-918" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
- https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
- https://web.archive.org/web/20230608160721/https://issues.umbraco.org/issue/U4-7457
- http://www.openwall.com/lists/oss-security/2016/02/16/10
- http://www.openwall.com/lists/oss-security/2016/02/17/1
- http://www.openwall.com/lists/oss-security/2016/02/17/5
- http://www.openwall.com/lists/oss-security/2016/02/18/8
Affected packages
NuGet / Umbraco.CMS
Package
- Name
- Umbraco.CMS
- View open source insights on deps.dev
- Purl
- pkg:nuget/Umbraco.CMS