Kentico CMS Has Multiple Cross-Site Scripting Vulnerabilities

Kentico CMS is an enterprise-grade web content management system and customer experience management system. Kentico CMS 8.2 suffers from multiple cross-site scripting vulnerabilities. Allows remote attackers to inject any web script or HTML via the CMSModules/AdminControls/Pages/UIPageaspx or...

CVE-2015-7822

Multiple cross-site scripting XSS vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a 1 parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the 2 CMSBodyClass cookie variable to the default URI...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a 1 parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the 2 CMSBodyClass cookie variable to the default URI...

CVE-2015-7822

CVE-2015-7822 is a real vulnerability in Kentico CMS 8.2 with multiple cross-site scripting (XSS) flaws. The root cause is improper validation of user-supplied input, enabling an attacker to inject script via (1) the UIPage.aspx parameter name and (2) the CMSBodyClass cookie, potentially executed...

Kentico CMS 8.2 Cross Site Scripting / Open Redirect

Web application Kentico CMS 8.2 XSS / Open Redirection The CVE-2015-7823 reference is still waiting my disclosure. The exploit works on 8.2 to 8.2.41 I've contacted the vendor and he fixed the vulnerability in the next major version Vulnerability type: Reflected XSS High The elementguid variable ...

Kentico CMS 8.2.x Multiple Vulnerabilities

Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing platform that allows you to create cutting-edge websites, and fully optimize your digital customers’ experiences across multiple channels. Vulnerability type: Reflected XSS High The elementguid variable is vulnerab...