Description
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
References (5)
Third Party Advisory x_refsource_misc
https://sec-consult.com/en/vulnerability-lab/advisories/index.html
Exploit, Third Party Advisory x_refsource_misc
https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Jan/33
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/35
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html
Scores
CVSS v3
4.3
EPSS
0.0023
EPSS Percentile
46.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Details
CWE
CWE-352
Status
published
Products (2)
nuget/UmbracoCMS.Core
0 - 8.5.0 (NuGet)
umbraco/umbraco_cms
8.2.2
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026