Vulnerabilities > Kentico > Kentico CMS > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-46163 | Cross-site Scripting vulnerability in Kentico CMS 13.0.44. Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | network; low complexity; kentico CWE-79; 6.1 |
| 2018-03-19 | CVE-2018-6842 | Cross-site Scripting vulnerability in Kentico CMS. Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. | network; low complexity; kentico CWE-79; 5.4 |
| 2018-02-20 | CVE-2018-7205 | Cross-site Scripting vulnerability in Kentico CMS. Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. | network; low complexity; kentico CWE-79; 4.8 |