Cross-Site Scripting Vulnerability in Kentico CMS by Kentico Software
CVE-2025-2878

4.8 MEDIUM

Key Information:

Vendor: Kentico

Status
Vendor
CVE Published: 27 March 2025

What is CVE-2025-2878?

A cross-site scripting vulnerability exists in Kentico CMS versions up to 13.0.178, specifically in the Additional Database Installation Wizard's install.aspx file. This flaw allows remote attackers to manipulate the 'new database' argument, potentially executing malicious scripts in the context of the user's session. To mitigate risks associated with this vulnerability, it is highly recommended to upgrade to Kentico CMS version 13.0.179 or later.

Affected Version(s)

CMS 13.0.178

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published
