Lucene search
PRIOn knowledge basePRION:CVE-2018-7205HistoryFeb 20, 2018 - 3:29 p.m.
Cross site scripting
2018-02-2015:29:00
PRIOn knowledge base
www.prio-n.com
3
0.001 Low
EPSS
Percentile
25.2%
DISPUTED Reflected Cross-Site Scripting vulnerability in “Design” on “Edit device layout” in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the “Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design” screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kentico_cms | ge | 9.0 | |
| kentico_cms | le | 11.0 |
Related
cve
cve
CVE-2018-7205
2018-02-20 15:29:00
openvas
openvas
Kentico CMS 9.x <= 11.0.20 XSS Vulnerability
2018-02-20 00:00:00
packetstorm
packetstorm
Kentico CMS 11 Cross Site Scripting
2018-02-19 00:00:00
zdt
zdt
Kentico CMS 11 Cross Site Scripting Vulnerability
2018-02-20 00:00:00
nvd
nvd
CVE-2018-7205
2018-02-20 15:29:00
cvelist
cvelist
CVE-2018-7205
2018-02-20 15:00:00