Multiple XSS Vulnerabilities in Kentico CMS 8.2 by Kentico Software
CVE-2015-7822

Currently unrated

Key Information:

Vendor: Kentico
Status: Kentico Cms
Vendor: CVE Published:; 21 October 2015

What is CVE-2015-7822?

Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow attackers to inject arbitrary web scripts or HTML. This can be exploited through a vulnerable parameter name in CMSModules/AdminControls/Pages/UIPage.aspx or by manipulating the CMSBodyClass cookie variable in the default URI, potentially compromising the integrity of the web application and affecting users' data.

References

http://packetstormsecurity.com/files/133981/Kentico-CMS-8...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2015
Vulnerability Reserved
Oct 14, 2015