CVE-2015-7822: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

October 21, 2015 (updated October 22, 2015)

Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI.

References

packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
nvd.nist.gov/vuln/detail/CVE-2015-7822

Code Behaviors & Features

Detect and mitigate CVE-2015-7822 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →