Vulnerabilities > Kentico

DATE | CVE | VULNERABILITY TITLE (description below each entry) | RISK (attack vector, complexity, product, CWE, severity, score)

2019-02-08 | CVE-2019-6242 | Insufficiently Protected Credentials vulnerability in Kentico 10.0.42
  Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page.
  Risk: network attack vector, low complexity, kentico, CWE-522, score 7.2

2018-03-23 | CVE-2017-17736 | Forced Browsing vulnerability in Kentico CMS
  Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
  Risk: network attack vector, low complexity, kentico, CWE-425, critical, score 9.8

2018-03-19 | CVE-2018-6843 | SQL Injection vulnerability in Kentico CMS
  Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.
  Risk: network attack vector, low complexity, kentico, CWE-89, score 7.2

2018-03-19 | CVE-2018-6842 | Cross-site Scripting vulnerability in Kentico CMS
  Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
  Risk: network attack vector, low complexity, kentico, CWE-79, score 5.4

2018-02-20 | CVE-2018-7205 | Cross-site Scripting vulnerability in Kentico CMS
  Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens.
  Risk: network attack vector, low complexity, kentico, CWE-79, score 4.8

2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS
  Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box.
  Risk: network attack vector, low complexity, kentico, CWE-78, score 7.2

2018-01-08 | CVE-2018-5282 | Out-of-bounds Write vulnerability in Kentico CMS
  Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document.
  Risk: local attack vector, low complexity, kentico, CWE-787, score 7.8