CVE-2024-12907
- EPSS 0.19%
- Veröffentlicht 02.01.2025 16:15:07
- Zuletzt bearbeitet 02.01.2025 16:15:07
Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tes...
CVE-2021-27581
- EPSS 0.53%
- Veröffentlicht 05.03.2021 23:15:11
- Zuletzt bearbeitet 21.11.2024 05:58:13
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2015-7823
- EPSS 12.67%
- Veröffentlicht 21.10.2015 15:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.
- EPSS 0.32%
- Veröffentlicht 21.10.2015 15:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the...