PatchSiren

Umbraco CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Umbraco CVE published 2017-03-03

CVE-2015-8815

CVE-2015-8815 covers multiple cross-site scripting (XSS) issues in Umbraco's media page, developer data edit page, and form page. The vulnerable behavior is tied to the name parameter, allowing remote attackers to inject arbitrary web script or HTML in affected installations. NVD rates the issue as medium severity (CVSS 6.1) and classifies it as CWE-79.

HIGH Umbraco CVE published 2017-03-03

CVE-2015-8814

CVE-2015-8814 describes a cross-site request forgery (CSRF) weakness in Umbraco before 7.4.0 where anti-forgery security measures could be bypassed. The CVE record and NVD classify the issue as high severity (CVSS 8.8) with network attack vector and user interaction required. Official references include the Umbraco issue tracker, an oss-security mailing list post, and the vendor patch commit.

HIGH Umbraco CVE published 2017-03-03

CVE-2015-8813

CVE-2015-8813 describes a server-side request forgery (SSRF) flaw in Umbraco’s dashboard feed proxy code. According to the CVE record, the Page_Load function in FeedProxy.aspx.cs can be abused through the url parameter, allowing a remote attacker to make the server issue requests to attacker-chosen destinations. NVD rates the issue as high severity and maps it to CWE-918. The CVE description says the issue affects Um [truncated]