Kentico Vulnerability List
13 vulnerabilities related to Kentico were found
CVE-2015-7823: Kentico CMS 8.2 - Open Redirect POC
Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with the link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
CVE-2017-17736: Kentico - Installer Privilege Escalation POC
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
CVE-2019-10068: Kentico CMS Insecure Deserialization Remote Code Execution POC
Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS POC
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS. This issue affects Kentico Xperience through 13.0.178.
kentico-13-auth-bypass-wt-2025-0006: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) POC
A security issue exists in Kentico Xperience 13 (before Hotfix 173) when the Staging Service is enabled with username/password authentication. This vulnerability may allow unauthorized access or misuse of staging functionality.
kentico-13-auth-bypass-wt-2025-0011: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011) POC
Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix >= 173 and < 178, this vulnerability can be exploited only if you provide a valid Staging Service username (default: admin).
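Kentico Xperience13 /cms/admin File Read Vulnerability (CVE-2025-0011) No POC
Kentico Xperience13 is a powerful content management system (CMS) widely used for enterprise websites and digital experience management. The system has a file read vulnerability (CVE-2025-0011) that an attacker can exploit to bypass permission checks and read sensitive files on the system, leading to information disclosure and potential security risk.
Kentico Reinstallation Vulnerability (CVE-2017-17736) No POC
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS administration panel.
Kentico-CMS 7.0.75 PublicMessageUserSelector.aspx - Information Disclosure No POC
[Affected product] Kentico [Affected versions] CMS 7.0.75 PublicMessageUserSelector.aspx [Description] This vulnerability is an unprotected page on the site where you can view all current users and usernames. Find out whether Kentico CMS is vulnerable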