
CVE-2018-5282 – Kentico CMS 11.0 - Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-5282
08 Jan 2018 — Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework. • https://packetstorm.news/files/id/145868 • CWE-787: Out-of-bounds Write

CVE-2015-7822 – Kentico CMS 8.2 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2015-7822
15 Oct 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI. • https://packetstorm.news/files/id/133981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7823 – Kentico CMS 8.2 Cross Site Scripting / Open Redirect
https://notcve.org/view.php?id=CVE-2015-7823
15 Oct 2015 — Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. Kentico CMS version 8.2 suffers f... • https://packetstorm.news/files/id/133981