CVE-2019-19493
Severity CVSS v4.0:
Pending analysis
Type:
CWE-434
Unrestricted Upload of File with Dangerous Type
Publication date:
02/12/2019
Last modified:
20/02/2022
Description
Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:* | 9.0 (including) | 12.0.50 (excluding) |
To consult the complete list of CPE names with products and versions, see this page