
CVE-2024-12907 – XSS in Kentico 7
https://notcve.org/view.php?id=CVE-2024-12907
02 Jan 2025 — Kentico CMS version 7 is vulnerable to Reflected XSS attacks through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability. • https://cert.pl/en/posts/2025/01/CVE-2024-12907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-19453
https://notcve.org/view.php?id=CVE-2018-19453
10 Apr 2019 — Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. • https://blog.hivint.com/advisory-upload-malicious-file-in-kentico-cms-cve-2018-19453-36debbf85216 • CWE-434: Unrestricted Upload of File with Dangerous Type •