CVE-2015-7822

Name of the Vulnerable Software and Affected Versions Kentico CMS version 8.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via a parameter name to "CMSModules/AdminControls/Pages/UIPage.aspx" or the CMSBodyClass cookie variable to the default URI.

Recommendations For Kentico CMS version 8.2, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the "CMSModules/AdminControls/Pages/UIPage.aspx" endpoint and avoid using the CMSBodyClass cookie variable until a patch is available.