Lucene search

4 matches found

CVE
added 2020/08/06 3:45 p.m. | 95 views

CVE-2020-7357

CVE-2020-7357 relates to Cayin CMS where an authenticated OS semi-blind command injection is possible via the NTP_Server_IP/NTP IP parameter in system.cgi. The issue requires authentication (default credentials) and can allow execution of arbitrary shell commands as root. Affected are multiple Ca...

CVSS: 9.9 | AI score: 9.8 | EPSS: 0.77162
Exploits: 8 | References: 3 | Affected Software: 1
Prion
added 2015/10/21 3:59 p.m. | 11 views

Open redirect

Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter...

CVSS: 5.8 | AI score: 7 | EPSS: 0.1267
Exploits: 3 | References: 1 | Affected Software: 1
Prion
added 2015/10/21 3:59 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or (2) the CMSBodyClass cookie variable to the default URI...

CVSS: 5 | AI score: 6 | EPSS: 0.00318
Exploits: 2 | References: 1 | Affected Software: 1
Packet Storm
added 2015/10/15 12:0 a.m. | 94 views

Kentico CMS 8.2 Cross Site Scripting / Open Redirect

Web application Kentico CMS 8.2 XSS / Open Redirection. The CVE-2015-7823 reference is still awaiting my disclosure. The exploit works on 8.2 to 8.2.41. I've contacted the vendor and he fixed the vulnerability in the next major version. Vulnerability type: Reflected XSS High The elementguid variable ...

CVSS: 5.8 | AI score: 0.4 | EPSS: 0.1267
Exploits: 4