Known Vulnerabilities for Kentico Cms by Kentico
Listed below are 10 of the newest known vulnerabilities associated with "Kentico Cms" by "Kentico".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-2749 | An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrar... | Not Provided | 2025-03-24 | 2026-04-21 |
| CVE-2021-46163 | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | 6.1 - MEDIUM | 2022-01-10 | 2022-01-13 |
| CVE-2021-27581 | The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | 9.8 - CRITICAL | 2021-03-05 | 2021-03-15 |
| CVE-2018-19453 | Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 8.8 - HIGH | 2019-04-10 | 2019-04-11 |
| CVE-2018-7205 | ** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allow... | 4.8 - MEDIUM | 2018-02-20 | 2023-11-07 |
| CVE-2018-7046 | ** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute ar... | 7.2 - HIGH | 2018-02-20 | 2023-11-07 |
| CVE-2018-6843 | Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. | 7.2 - HIGH | 2018-03-19 | 2018-04-12 |
| CVE-2018-6842 | Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system pa... | 5.4 - MEDIUM | 2018-03-19 | 2018-04-12 |
| CVE-2018-5282 | ** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Pa... | 7.8 - HIGH | 2018-01-08 | 2023-11-07 |
| CVE-2017-17736 | Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting C... | 9.8 - CRITICAL | 2018-03-23 | 2019-10-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kentico | Kentico Cms | 9.0.9 | | | |
| Application | Kentico | Kentico Cms | 9.0.8 | | | |
| Application | Kentico | Kentico Cms | 9.0.7 | | | |
| Application | Kentico | Kentico Cms | 9.0.6 | | | |
| Application | Kentico | Kentico Cms | 9.0.51 | | | |
| Application | Kentico | Kentico Cms | 9.0.50 | | | |
| Application | Kentico | Kentico Cms | 9.0.5 | | | |
| Application | Kentico | Kentico Cms | 9.0.49 | | | |
| Application | Kentico | Kentico Cms | 9.0.48 | | | |
| Application | Kentico | Kentico Cms | 9.0.47 | | | |
| Application | Kentico | Kentico Cms | 9.0.46 | | | |
| Application | Kentico | Kentico Cms | 9.0.45 | | | |
| Application | Kentico | Kentico Cms | 9.0.44 | | | |
| Application | Kentico | Kentico Cms | 9.0.43 | | | |
| Application | Kentico | Kentico Cms | 9.0.42 | | | |
| Application | Kentico | Kentico Cms | 9.0.41 | | | |
| Application | Kentico | Kentico Cms | 9.0.40 | | | |
| Application | Kentico | Kentico Cms | 9.0.4 | | | |
| Application | Kentico | Kentico Cms | 9.0.39 | | | |
| Application | Kentico | Kentico Cms | 9.0.38 |