5 matches found
CVE-2018-6842
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page...
CVE-2018-6842
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page...
CVE-2018-6843
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface...
CVE-2018-7205
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages - Edit template properties - Device Layouts - Create devic...
Remote code execution
DISPUTED Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor ha...