CVE-2019-19493

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
02/12/2019
Last modified:
20/02/2022

Description

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:* 9.0 (including) 12.0.50 (excluding)