CMS
umbraco/Umbraco-CMS
Umbraco is a free and open source .NET content management system helping you deliver delightful digital experiences.
#umbraco-cms#cms#umbraco#csharp#hacktoberfest#dotnet-core#asp-net-core
スコア
55
/ 100
Star
5,185
Fork
2,879
Open Issue
485
サイズ
445MB
言語
C#
最終push
0 日前
Docker
—
採点内訳
過去CVE 20件 (やや多い)
✓直近 push: 0 日前
✓得意言語 (C#)
—オープンissue 485件
✓大規模 (445MB)
—Docker 未対応
—1k–10k: 初心者ベスト (★5,185)
✓※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。
過去の SecurityAdvisory (20 件)
- XSS/HTML Injection in Umbraco Backoffice confirmation dialog
- Open Redirect Vulnerability in Surface Controllers
- Backoffice API Allows Unauthorized Modification of Domain Data
- Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering
- Vertical Privilege Escalation via Missing Authorization Checks
- Unsafe Handling and Deletion of Temporary Files During the Dictionary Upload Process
- Delivery API allows for cached requests to be returned with an invalid API key
- Disclosure of Configured Password Requirements
- Possibility to By-Pass Configured Allowed Extensions for File Uploads
- User Enumeration Feasible Based on Timing of Login Response
- Management API Vulnerability to Path Traversal With Authenticated Users
- Restricted Editor User Can Delete Media Item or Access Unauthorized Content
- Improper API Access Control Allows Low-Privilege Users to Data Type Functionality
- XSS/HTML Injection Vulnerability in Umbraco Backoffice Components
- User Enumeration Feasible Based On Management API Timing and Response Codes
- XSS/HTML Injection Vulnerability in Umbraco Preview Badge
- Incomplete Server Termination During Explicit Sign-Out
- Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
- Improper Access Control Allows Low-Privilege Users to Access Webhook API
- Stored XSS in the “dictionary name” on Dictionary section