CVE-2021-47776

Source
https://cve.org/CVERecord?id=CVE-2021-47776
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47776.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47776
Aliases
Published
2026-01-15T16:16:09.510Z
Modified
2026-07-09T02:49:00.370209Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

References

Affected packages

Git / github.com/umbraco/umbraco-cms

Affected ranges

Type
GIT
Repo
https://github.com/umbraco/umbraco-cms
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:umbraco:umbraco_cms:8.14.1:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.14.1"
        },
        {
            "last_affected": "8.14.1"
        }
    ]
}

Affected versions

8.*
8.14.1
release-8.*
release-8.14.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47776.json"