Kentico CMS vulnerabilities
4 known vulnerabilities affecting kentico/kentico_cms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 3
Vulnerabilities
CVE-2021-27581 [CRITICAL] CWE-89, P3, CVSS 9.8, v5.5, 2021-03-05
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
nvd
CVE-2015-7823 [MEDIUM] P4, CVSS 5.8, PoC, v8.2, 2015-10-21
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.
nvd
CVE-2024-12907 [MEDIUM] CWE-79, P4, CVSS 5.3, v7, 2025-01-02
Kentico CMS version 7 is vulnerable to reflected XSS attacks through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint.
Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability.
nvd
CVE-2015-7822 [MEDIUM] CWE-79, P4, CVSS 5.0, v8.2, 2015-10-21
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.
nvd