Kentico

Xperience

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2019-12102

  • EPSS 0.13%
  • Veröffentlicht 22.05.2019 15:29:03
  • Zuletzt bearbeitet 19.12.2025 20:47:25

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did no...

8.8

CVE-2018-19453

Exploit
  • EPSS 0.4%
  • Veröffentlicht 10.04.2019 21:29:00
  • Zuletzt bearbeitet 19.12.2025 21:00:32

Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.

9.8

CVE-2019-10068

Warnung Exploit
  • EPSS 93.89%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 19.12.2025 20:47:25

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass ...

7.2

CVE-2019-6242

Exploit
  • EPSS 0.46%
  • Veröffentlicht 08.02.2019 05:29:00
  • Zuletzt bearbeitet 19.12.2025 20:47:25

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future ...

9.8

CVE-2017-17736

Exploit
  • EPSS 92.65%
  • Veröffentlicht 23.03.2018 15:29:00
  • Zuletzt bearbeitet 19.12.2025 20:56:46

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.

7.2

CVE-2018-6843

  • EPSS 0.25%
  • Veröffentlicht 19.03.2018 14:29:00
  • Zuletzt bearbeitet 19.12.2025 20:56:46

Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.

5.4

CVE-2018-6842

  • EPSS 0.21%
  • Veröffentlicht 19.03.2018 14:29:00
  • Zuletzt bearbeitet 19.12.2025 20:56:46

Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.

4.8

CVE-2018-7205

Exploit
  • EPSS 0.16%
  • Veröffentlicht 20.02.2018 15:29:00
  • Zuletzt bearbeitet 19.12.2025 20:56:46

Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit tem...

9

CVE-2018-7046

Exploit
  • EPSS 1.98%
  • Veröffentlicht 20.02.2018 15:29:00
  • Zuletzt bearbeitet 19.12.2025 20:56:46

Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template pro...

7.8

CVE-2018-5282

Exploit
  • EPSS 0.98%
  • Veröffentlicht 08.01.2018 09:29:00
  • Zuletzt bearbeitet 19.12.2025 20:56:46

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be repr...