Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout
References
Link | Resource |
---|---|
http://www.securityfocus.com/archive/1/541792/100/0/threaded | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/541792/100/0/threaded | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 04:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/archive/1/541792/100/0/threaded - Exploit, Third Party Advisory, VDB Entry |
07 Nov 2023, 03:00
Type | Values Removed | Values Added |
---|---|---|
Summary | Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout |
Information
Published : 2018-02-20 15:29
Updated : 2024-11-21 04:11
NVD link : CVE-2018-7205
Mitre link : CVE-2018-7205
CVE.ORG link : CVE-2018-7205
JSON object : View
Products Affected
kentico
- kentico_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')