Vulnerabilities > Kentico

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-16	CVE-2022-29287	Authorization Bypass Through User-Controlled Key vulnerability in Kentico Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. network low complexity kentico CWE-639	4.0
2022-01-10	CVE-2021-46163	Cross-site Scripting vulnerability in Kentico CMS 13.0.44 Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. network kentico CWE-79	4.3
2021-12-03	CVE-2021-43991	Cross-site Scripting vulnerability in Kentico Xperience The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). network kentico CWE-79	3.5
2021-03-05	CVE-2021-27581	SQL Injection vulnerability in Kentico CMS 5.5 The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. network low complexity kentico CWE-89	7.5
2020-09-09	CVE-2020-24794	Cross-site Scripting vulnerability in Kentico Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. network kentico CWE-79	4.3
2019-12-02	CVE-2019-19493	Use of Incorrectly-Resolved Name or Reference vulnerability in Kentico Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. network kentico CWE-706	3.5
2019-05-22	CVE-2019-12102	Incorrect Permission Assignment for Critical Resource vulnerability in Kentico Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. network low complexity kentico CWE-732 critical	9.1
2019-04-10	CVE-2018-19453	Unrestricted Upload of File with Dangerous Type vulnerability in Kentico CMS Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. network kentico CWE-434	6.8
2019-03-26	CVE-2019-10068	Deserialization of Untrusted Data vulnerability in Kentico An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. network low complexity kentico CWE-502	7.5
2019-02-08	CVE-2019-6242	Insufficiently Protected Credentials vulnerability in Kentico 10.0.42 Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. network low complexity kentico CWE-522	7.2

Vulnerabilities > Kentico {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Kentico"}]}

Vulnerabilities > Kentico