Vulnerabilities > Kentico > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-16 | CVE-2022-29287 | Authorization Bypass Through User-Controlled Key vulnerability in Kentico: Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. | 4.9 |
2022-01-10 | CVE-2021-46163 | Cross-site Scripting vulnerability in Kentico CMS 13.0.44: Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | 6.1 |
2021-12-03 | CVE-2021-43991 | Cross-site Scripting vulnerability in Kentico Xperience: The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). | 5.4 |
2020-09-09 | CVE-2020-24794 | Cross-site Scripting vulnerability in Kentico: Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. | 6.1 |
2019-12-02 | CVE-2019-19493 | Use of Incorrectly-Resolved Name or Reference vulnerability in Kentico: Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS. | 5.4 |
2018-03-19 | CVE-2018-6842 | Cross-site Scripting vulnerability in Kentico CMS: Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. | 5.4 |
2018-02-20 | CVE-2018-7205 | Cross-site Scripting vulnerability in Kentico CMS: Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. | 4.8 |