Known Vulnerabilities for products from Kentico
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kentico".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-2749 | An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrar... | Not Provided | 2025-03-24 | 2026-04-21 |
| CVE-2022-32387 | In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler. | 7.5 - HIGH | 2022-07-18 | 2022-07-25 |
| CVE-2022-29287 | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management ... | 4.9 - MEDIUM | 2022-04-16 | 2022-04-25 |
| CVE-2021-46163 | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | 6.1 - MEDIUM | 2022-01-10 | 2022-01-13 |
| CVE-2021-43991 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2021-12-03 | 2021-12-06 |
| CVE-2021-27581 | The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | 9.8 - CRITICAL | 2021-03-05 | 2021-03-15 |
| CVE-2020-24794 | Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. | 6.1 - MEDIUM | 2020-09-09 | 2020-09-14 |
| CVE-2019-19493 | Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading ... | 5.4 - MEDIUM | 2019-12-02 | 2022-02-20 |
| CVE-2019-12102 | ** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medial... | 9.1 - CRITICAL | 2019-05-22 | 2023-11-07 |
| CVE-2019-10068 | An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due... | 9.8 - CRITICAL | 2019-03-26 | 2020-04-15 |
| CVE-2019-6242 | ** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP co... | 7.2 - HIGH | 2019-02-08 | 2023-11-07 |
| CVE-2018-19453 | Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 8.8 - HIGH | 2019-04-10 | 2019-04-11 |
| CVE-2018-7205 | ** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allow... | 4.8 - MEDIUM | 2018-02-20 | 2023-11-07 |
| CVE-2018-7046 | ** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute ar... | 7.2 - HIGH | 2018-02-20 | 2023-11-07 |
| CVE-2018-6843 | Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. | 7.2 - HIGH | 2018-03-19 | 2018-04-12 |
| CVE-2018-6842 | Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system pa... | 5.4 - MEDIUM | 2018-03-19 | 2018-04-12 |
| CVE-2018-5282 | ** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Pa... | 7.8 - HIGH | 2018-01-08 | 2023-11-07 |
| CVE-2017-17736 | Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting C... | 9.8 - CRITICAL | 2018-03-23 | 2019-10-03 |
| CVE-2015-7823 | Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect... | 5.8 - MEDIUM | 2015-10-21 | 2015-10-23 |
| CVE-2015-7822 | Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script ... | 5 - MEDIUM | 2015-10-21 | 2015-10-22 |
Known software with vulnerabilities from Kentico
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kentico | Kentico | 10.0.0 |
| Application | Kentico | Kentico Cms | 10.0.0 |