Sebastiaan Janssen

2 exploits, active since Oct 2017
CVE-2017-15279 MEDIUM WRITEUP
Umbraco CMS < 7.7.3 - Stored Cross-Site Scripting via Page Name Parameter
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
CVSS 5.4
CVE-2017-15280 MEDIUM WRITEUP
Umbraco CMS < 7.7.3 - XML External Entity Injection via Import Document Type Dialog
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
CVSS 5.5