Browse all 37 CVE security advisories affecting Kentico. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kentico is a comprehensive web content management and digital experience platform primarily used for building websites, e-commerce stores, and intranets. Its architecture, which relies heavily on ASP.NET and SQL Server, has historically exposed it to a range of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. Across its 37 recorded CVEs, many flaws stem from insecure deserialization, improper access controls, and insufficient input validation within its API endpoints and administrative interfaces. Notable incidents involve attackers exploiting unpatched RCE vulnerabilities to gain full server control, leading to widespread defacement and data exfiltration across numerous enterprise deployments. The platform's complexity and extensive plugin ecosystem often introduce additional attack surface, requiring rigorous patch management and strict configuration hardening to mitigate the risks of privilege escalation and unauthorized data access.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12907 | XSS in Kentico 7 (Kentico CMS; CWE-79) | 6.1 | - | 2025-01-02 |
This page lists every published CVE security advisory associated with Kentico. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.