GHSA-h66j-xm43-47pp

Source
https://github.com/advisories/GHSA-h66j-xm43-47pp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-h66j-xm43-47pp/GHSA-h66j-xm43-47pp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h66j-xm43-47pp
Aliases
  • CVE-2021-47776
Published
2026-01-15T18:31:32Z
Modified
2026-01-15T22:56:24.901593Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Summary
Umbraco CMS contains a server-side request forgery vulnerability
Details

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-15T22:39:22Z",
    "severity": "MODERATE",
    "nvd_published_at": "2026-01-15T16:16:09Z",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

NuGet / UmbracoCms

Package

Affected ranges

Affected versions

8.*

8.14.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-h66j-xm43-47pp/GHSA-h66j-xm43-47pp.json"