Medium severityNVD Advisory· Published Jan 2, 2025· Updated Jun 17, 2026
CVE-2024-12907
CVE-2024-12907
Description
Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 7.0.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.