101 matches found
CVE-2021-27581
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter...
EUVD-2021-14329
Malware in sbrugna...
EUVD-2015-7720
Malware in sbrugna...
EUVD-2018-11143
Malware in sbrugna...
EUVD-2015-7721
Malicious code in bioql PyPI...
EUVD-2025-8526
Malicious code in bioql PyPI...
EUVD-2022-33630
Malicious code in bioql PyPI...
EUVD-2024-51185
Malicious code in bioql PyPI...
CVE-2024-12907
Kentico CMS version 7 is vulnerable to a Reflected XSS attack through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...
CVE-2022-29287
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (by default, Administrator) to export the user options of any user, even those with higher privileges than the current user, such as Global Administrators. The exported XML...
CVE-2025-2878
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...
CVE-2025-2878
CVE-2025-2878 affects Kentico CMS up to version 13.0.178. The vulnerability resides in the file /CMSInstall/install.aspx within the Additional Database Installation Wizard. By manipulating the argument new database, an attacker can trigger cross-site scripting (XSS). The issue can be exploited re...
CVE-2025-2878 Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting
A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database lea...
CVE-2024-12907
CVE-2024-12907 affects Kentico CMS 7, where a Reflected XSS can be triggered by manipulating a specific GET parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. The description notes that Kentico 7 reached end of support in 2016, and Kentico 8 has been tested and does not contain this v...
CVE-2024-12907 XSS in Kentico 7
Kentico CMS version 7 is vulnerable to a Reflected XSS attack through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this...
PT-2025-1978 · Kentico · Kentico Cms
Name of the Vulnerable Software and Affected Versions: Kentico CMS version 7. Description: The issue is a Reflected XSS attack that occurs through the manipulation of a specific GET request parameter sent to the "/CMSMessages/AccessDenied.aspx" endpoint. Support for Kentico CMS version 7 ended in...
Kentico CMS Remote Code Execution (CVE-2019-10068)
A remote code execution vulnerability exists in Kentico CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...