umbraco cms is vulnerable to XML external entity (XXE) attacks. Lack of validation and permitting of external DTDs allow attackers to obtain confidential information via an SSRF from the XXE attack.
CPE | Name | Operator | Version |
---|---|---|---|
umbracocms | le | 7.7.2 | |
umbracocms.core | le | 7.7.2 | |
umbracocms | le | 7.7.2 | |
umbracocms.core | le | 7.7.2 |