CVE-2020-36890

High CVSS: 8.6

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges via unauthorized requests. Attackers could potentially compromise global administrator accounts and invalidate security-sensitive macros by manipulating user privilege levels.

Vendor

Kentico

Product

Xperience

CWE

CWE-862

Yayın Tarihi

2025-12-18 20:15:49

Güncelleme

2025-12-24 18:15:25

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-862 Xperience HIGH Kentico 2025

Referanslar

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-administrator-access-control-bypass

Benzer Kayıtlar

High

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to…

Medium

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form v…

Medium

CVE-2024-58322

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping…

Medium

CVE-2024-58323

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Ch…

Medium

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when sett…

Medium

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the ri…