Vulnerabilities > Kentico
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-16 | CVE-2022-29287 | Authorization Bypass Through User-Controlled Key vulnerability in Kentico Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. | 4.0 |
2022-01-10 | CVE-2021-46163 | Cross-site Scripting vulnerability in Kentico CMS 13.0.44 Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | 4.3 |
2021-12-03 | CVE-2021-43991 | Cross-site Scripting vulnerability in Kentico Xperience The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). | 3.5 |
2021-03-05 | CVE-2021-27581 | SQL Injection vulnerability in Kentico CMS 5.5 The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | 7.5 |
2020-09-09 | CVE-2020-24794 | Cross-site Scripting vulnerability in Kentico Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. | 4.3 |
2019-12-02 | CVE-2019-19493 | Use of Incorrectly-Resolved Name or Reference vulnerability in Kentico Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. | 3.5 |
2019-05-22 | CVE-2019-12102 | Incorrect Permission Assignment for Critical Resource vulnerability in Kentico Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. | 9.1 |
2019-04-10 | CVE-2018-19453 | Unrestricted Upload of File with Dangerous Type vulnerability in Kentico CMS Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 6.8 |
2019-03-26 | CVE-2019-10068 | Deserialization of Untrusted Data vulnerability in Kentico An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. | 9.8 |
2019-02-08 | CVE-2019-6242 | Insufficiently Protected Credentials vulnerability in Kentico 10.0.42 Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. | 7.2 |