HIGH✓ PATCH🇬🇧 English

CVE-2023-53934

CVSS 8.7v4.0pub. 2025-12-18upd. 2025-12-24

A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Kentico Xperience

    APP
    Kentico
    ≤ 12.0.98
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2025-2747CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Kentico Xperience — Authentication Bypass w komponencie Staging Sync Server

CVE-2025-2746CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Kentico Xperience – pominięcie uwierzytelnienia w Staging Sync Server

CVE-2019-10068CRITICAL9.8⚠ KEVten sam produkt

An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9....

CVE-2019-12102CRITICAL9.1ten sam produkt

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medial...

CVE-2017-17736CRITICAL9.8ten sam produkt

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator acces...