CVE-2017-15280
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-15280
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15280.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-15280
- Aliases
- Published
- 2017-10-12T08:29:00Z
- Modified
- 2024-05-23T01:14:42.477142Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
- References
Affected packages
Git / github.com/umbraco/umbraco-cms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/umbraco/umbraco-cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.7.2
4.8.0-beta
7.*
7.3.0-beta
7.6-alpha071
7.6-beta5
Release-4.*
Release-4.10.0
Release-4.11.0
Release-4.11.1
Release-4.11.2
Release-4.11.2.1
Release-4.11.2.2
Release-4.11.3
Release-4.11.4
Release-4.11.5
Release-4.5.2
Release-4.6.0
Release-4.8.0
Release-4.8.1
Release-4.9.0
Release-4.9.1
Release-6.*
Release-6.0.0
Release-6.0.0-RC
Release-6.0.0-beta
Release-6.0.2
Other
Sprint-Juno-A
alpha070
dev-7.*
dev-7.6-RC1
dev-7.6-RC2
dev-7.6-RC3
dev-7.6-alpha-073
dev-7.6-alpha054
dev-7.6-alpha055
dev-7.6-alpha056
dev-7.6-alpha060
dev-7.6-alpha061
dev-7.6-alpha063
dev-7.6-alpha064
dev-7.6-alpha072
dev-7.6-alpha073
dev-7.6-alpha074
dev-7.6-alpha075
dev-7.6-beta02
dev-7.6-beta03
dev-7.6-beta04
dev-7.6-beta06
dev-v7.*
dev-v7.6-alpha065
dev-v7.6-alpha066
dev-v7.6-alpha068
dev-v7.7-beta002
release-4.*
release-4.11.10
release-4.11.6
release-4.11.7
release-4.11.9
release-6.*
release-6.0.3
release-6.0.4
release-6.0.6
release-6.0.7
release-6.1.0
release-6.1.0-beta
release-6.1.0-beta2
release-6.1.1
release-6.1.2
release-6.1.3
release-6.1.4
release-6.1.5
release-6.1.6
release-6.2.0
release-6.2.0-beta
release-6.2.1
release-6.2.2
release-6.2.3
release-7.*
release-7.0.0
release-7.0.0-RC
release-7.0.0-alpha
release-7.0.0-beta
release-7.0.1
release-7.0.2
release-7.0.3
release-7.0.4
release-7.1.0
release-7.1.0-RC
release-7.1.0-beta
release-7.1.1
release-7.1.2
release-7.1.3
release-7.1.4
release-7.1.5
release-7.1.6
release-7.1.7
release-7.1.8
release-7.2.0
release-7.2.0-RC
release-7.2.0-alpha
release-7.2.0-beta
release-7.2.0-beta2
release-7.2.1
release-7.2.2
release-7.2.3
release-7.2.4
release-7.2.5
release-7.2.5-RC
release-7.2.6
release-7.2.7
release-7.2.8
release-7.3.0
release-7.3.0-RC
release-7.3.0-beta
release-7.3.0-beta2
release-7.3.0-beta3
release-7.3.1
release-7.3.2
release-7.3.3
release-7.3.4
release-7.3.5
release-7.3.6
release-7.3.7
release-7.3.8
release-7.4.0
release-7.4.0-RC1
release-7.4.0-beta2
release-7.4.1
release-7.4.2
release-7.4.3
release-7.5.0
release-7.5.0-beta
release-7.5.0-beta2
release-7.5.1
release-7.5.10
release-7.5.11
release-7.5.12
release-7.5.13
release-7.5.14
release-7.5.2
release-7.5.3
release-7.5.4
release-7.5.5
release-7.5.6
release-7.5.7
release-7.5.8
release-7.5.9
release-7.6.0
release-7.6.0-RC
release-7.6.0-beta
release-7.6.1
release-7.6.2
release-7.6.3
release-7.6.4
release-7.6.5
release-7.6.6
release-7.6.7
release-7.6.8
release-7.7.0
release-7.7.0-beta
release-7.7.1
release-7.7.2