0Xryuzak1

**Name of the Vulnerable Software and Affected Versions** Umbraco versions 8.18.5 through 8.18.13 Umbraco versions 10.5.0 through 10.8.5 Umbraco versions 12.0.0 through 12.3.9 Umbraco versions 13.0.0 through 13.3.0 **Description** Umbraco is an ASP.NET CMS used by more than 730,000 websites. It has an endpoint that is vulnerable to open redirects. The endpoint is protected, requiring the user to be signed into the backoffice before the vulnerability is exposed. **Recommendations** For Umbraco versions 8.18.5 through 8.18.13, update to version 8.18.14 to resolve the issue. For Umbraco versions 10.5.0 through 10.8.5, update to version 10.8.6 to resolve the issue. For Umbraco versions 12.0.0 through 12.3.9, update to version 12.3.10 to resolve the issue. For Umbraco versions 13.0.0 through 13.3.0, update to version 13.3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Frappe versions prior to 14.74.0 Frappe versions prior to 15.26.0 **Description** The login page of Frappe accepts a redirect argument, allowing redirects to untrusted external URLs. This behavior can be exploited by malicious actors for phishing purposes. **Recommendations** For versions prior to 14.74.0, update to version 14.74.0 to resolve the issue. For versions prior to 15.26.0, update to version 15.26.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Umbraco versions 13.0.0 through 13.1.0 **Description** The issue concerns the availability of failing webhooks logs when the solution is not in debug mode, potentially containing critical information. **Recommendations** For Umbraco versions 13.0.0 through 13.1.0, update to version 13.1.1 to resolve the issue. As a temporary workaround, consider disabling the webhooks functionality until a patch is available.