CVE-2024-12907 | Kentico CMS 7 GET Request Parameter AccessDenied.aspx cross site scripting

A vulnerability, which was classified as problematic, has been found in Kentico CMS 7. This issue affects some unknown processing of the file to /CMSMessages/AccessDenied.aspx of the component GET Request Parameter Handler. The manipulation leads to cross site scripting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The identification of this vulnerability is CVE-2024-12907. The attack may be initiated remotely. There is no exploit available.

CVE-2024-12907 | Kentico CMS 7 GET Request Parameter AccessDenied.aspx cross site scripting

Post correlati

CVE-2024-6830 | SourceCodester Simple Inventory Management System 1.0 Order action.php order_id sql injection

CVE-2024-7426 | PeepSo Community Plugin up to 6.4.6.0 on WordPress information disclosure

CVE-2024-22258 | Vmware Spring Authorization Server up to 1.0.5/1.1.5/1.2.2 PKCE downgrade

CVE-2024-29972 | Zyxel NAS326/NAS542 prior 5.21 HTTP POST Request remote_help-cgi os command injection