CVE-2019-25137

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/05/2023
Last modified:
22/01/2025

Description

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:* 4.11.8 (including) 7.15.10 (including)