IDCVSSSummaryLast (major) updatePublished
CVE-2017-17736 7.5
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
03-10-2019 - 00:03 23-03-2018 - 15:29
CVE-2018-19453 6.8
Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
11-04-2019 - 16:06 10-04-2019 - 21:29
CVE-2018-5282 7.2
** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a cr
01-02-2018 - 18:35 08-01-2018 - 09:29
CVE-2018-6842 3.5
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
12-04-2018 - 12:26 19-03-2018 - 14:29
CVE-2018-6843 6.5
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.
12-04-2018 - 13:09 19-03-2018 - 14:29
CVE-2018-7046 9.0
** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Ed
28-02-2019 - 20:29 20-02-2018 - 15:29
CVE-2018-7205 3.5
** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pa
26-03-2019 - 18:40 20-02-2018 - 15:29
CVE-2015-7822 5.0
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the
22-10-2015 - 19:51 21-10-2015 - 15:59
CVE-2015-7823 5.8
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. <a href="http://cwe.mitre.org/dat
23-10-2015 - 12:48 21-10-2015 - 15:59
Back to Top Mark selected
Back to Top