IDCVSSSummaryLast (major) updatePublished
CVE-2019-10068 7.5
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass
01-04-2019 - 13:52 26-03-2019 - 18:29
CVE-2019-19493 4.3
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
02-12-2019 - 13:37 02-12-2019 - 03:15
CVE-2019-6242 4.0
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix
21-02-2019 - 19:31 08-02-2019 - 05:29
CVE-2019-12102 6.4
** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the re
10-10-2019 - 12:09 22-05-2019 - 15:29
CVE-2017-17736 7.5
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
03-10-2019 - 00:03 23-03-2018 - 15:29
CVE-2018-19453 6.8
Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
11-04-2019 - 16:06 10-04-2019 - 21:29
CVE-2018-5282 7.2
** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a cr
01-02-2018 - 18:35 08-01-2018 - 09:29
CVE-2018-6842 3.5
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
12-04-2018 - 12:26 19-03-2018 - 14:29
CVE-2018-6843 6.5
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.
12-04-2018 - 13:09 19-03-2018 - 14:29
CVE-2018-7046 9.0
** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Ed
28-02-2019 - 20:29 20-02-2018 - 15:29
CVE-2018-7205 3.5
** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pa
26-03-2019 - 18:40 20-02-2018 - 15:29
CVE-2015-7822 5.0
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the
22-10-2015 - 19:51 21-10-2015 - 15:59
CVE-2015-7823 5.8
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. <a href="http://cwe.mitre.org/dat
23-10-2015 - 12:48 21-10-2015 - 15:59
Back to Top Mark selected
Back to Top