CVE-2015-7822
published 2015-10-21
CVE-2015-7822: Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name…
Priority: P4 · 17 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 1.13% (62.3th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kentico | kentico_cms | — | — |
| linux | linux_kernel | >= 0 < 3.13.0-48.80 | 3.13.0-48.80 |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
osv · 2.1 · LOW
GHSA
GHSA-2p9m-c88w-j8wx: Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8
ghsa_unreviewed·2022-05-17
CVE-2015-7822 [MEDIUM] CWE-79 GHSA-2p9m-c88w-j8wx: Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8
OSV
linux vulnerabilities
osv·2015-03-24·CVSS 2.1
CVE-2015-0274 linux vulnerabilities
Eric Windisch discovered a flaw in how the Linux kernel's XFS file system
replaces remote attributes. A local user with access to an XFS file
system could exploit this flaw to escalate their privileges.
(CVE-2015-0274)
A flaw was discovered in the automatic loading of modules in the crypto
subsystem of the Linux kernel. A local user could exploit this flaw to load
installed kernel modules, increasing the attack surface and potentially
using this to gain administrative privileges. (CVE-2013-7421)
The Linux kernel's splice system call did not correctly validate its
parameters. A local, unprivileged user could exploit this flaw to cause a
denial of service (system crash). (CVE-2014-7822)
A flaw was discovered in the crypto subsystem when screening module names
for au
No detection rules found.
No public exploits indexed.
Published: 2015-10-21