Kentico CMS version 7 is vulnerable to reflected XSS attacks through manipulation of a specific GET request parameter sent to the /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability.
Reserved 2024-12-23 | Published 2025-01-02 | Updated 2025-01-02 | Assigner CERT-PL
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Michał Majchrowicz (Afine Team)
Marcin Wyczechowski (Afine Team)
cert.pl/en/posts/2025/01/CVE-2024-12907