Security Advisory

CVE-2024-12907

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-02 15:59:13

Last updated 2025-01-02 17:35:45

Assigner CERT-PL

State PUBLISHED

Description

Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability.

← Browse all CVEs View on cve.org ↗