name | about |
---|---|
🔐 Security Issue | Discovered a Security Issue in Umbraco? |
If you have found a security issue in Umbraco, please send the details to [email protected] and don't disclose it publicly until we can provide a fix for it. If you wish, we'll credit you for finding verified issues when we release the patched version.
❗ Please read more about how to report security issues on https://umbraco.com/security
Umbraco is a CMS that allows users to edit content on a website. As such, all authenticated users can:
- Edit content, and (depending on the field types) insert HTML and CSS in that content, with a variety of allowed attributes.
- Depending on the user level: Edit template files, and insert C#, HTML, CSS, JavaScript and so on.
- Upload files to the site, which will become publicly available.
We see this functionality as features, not as security issues. Please report the items mentioned above only if they can be performed by non-authorized users, or report other exploitable vulnerabilities.
Thanks!