Vulnerabilities > Kentico

DATE CVE VULNERABILITY TITLE RISK
2022-04-16 CVE-2022-29287 Authorization Bypass Through User-Controlled Key vulnerability in Kentico
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability.
network
low complexity
kentico CWE-639
4.0
2022-01-10 CVE-2021-46163 Cross-site Scripting vulnerability in Kentico CMS 13.0.44
Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.
network
kentico CWE-79
4.3
2021-12-03 CVE-2021-43991 Cross-site Scripting vulnerability in Kentico Xperience
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).
network
kentico CWE-79
3.5
2021-03-05 CVE-2021-27581 SQL Injection vulnerability in Kentico CMS 5.5
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
network
low complexity
kentico CWE-89
7.5
2020-09-09 CVE-2020-24794 Cross-site Scripting vulnerability in Kentico
Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75.
network
kentico CWE-79
4.3
2019-12-02 CVE-2019-19493 Use of Incorrectly-Resolved Name or Reference vulnerability in Kentico
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
network
kentico CWE-706
3.5
2019-05-22 CVE-2019-12102 Incorrect Permission Assignment for Critical Resource vulnerability in Kentico
** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI.
network
low complexity
kentico CWE-732
6.4
2019-04-10 CVE-2018-19453 Unrestricted Upload of File with Dangerous Type vulnerability in Kentico CMS
Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
network
kentico CWE-434
6.8
2019-03-26 CVE-2019-10068 Deserialization of Untrusted Data vulnerability in Kentico
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions.
network
low complexity
kentico CWE-502
7.5
2019-02-08 CVE-2019-6242 Insufficiently Protected Credentials vulnerability in Kentico 10.0.42
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page.
network
low complexity
kentico CWE-522
4.0