Shazwazza

#15894 of 53,633
17 Total CVSS
Vulnerabilities · 2
High
2
PT-2017-7478
8.2
2017-03-03
Umbraco · Umbraco · CVE-2015-8813
**Name of the Vulnerable Software and Affected Versions**
Umbraco versions prior to 7.4.0

**Description**
The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks. This is achieved via the `url` parameter in the `Page Load` function. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

**Recommendations**
For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `FeedProxy.aspx.cs` file or disabling the `Page Load` function until a patch is available. Avoid using the `url` parameter in the affected API endpoint until the issue is resolved.
PT-2017-7479
8.8
2017-03-03
Umbraco · Umbraco · CVE-2015-8814
**Name of the Vulnerable Software and Affected Versions**
Umbraco versions prior to 7.4.0

**Description**
The issue allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks. This can be demonstrated by editing user account information in the `templates.asmx.cs` file.

**Recommendations**
For Umbraco versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue.