Sign In

CVE-2019-19493

📊 5.4 MEDIUM0.7%🎯 1 exploits
📅 Published Dec 2, 2019
📋 Status: Modified

Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XSS.

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:
📱
kentico / kentico
Application
Vulnerable
Version: ≥ 9.0 ∧ < 12.0.50
CPE:
cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
Metrics
5.4 MEDIUMCVSS v3.1[email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
LOW
User Interaction:
REQUIRED
Confidentiality:
LOW
Integrity:
LOW
Availability:
NONE
Scope:
CHANGED

🔍 Technical Details

Analysis Status
Modified
CVSS Details
5.4 (MEDIUM)v3.1
Source: [email protected]
EPSS Details
0.7% (Minimal)70.3th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
Dec 2, 2019 (5 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses2

Available exploits (1)

🔐 Sign-in Required

Sign in to view exploits and proof-of-concept code.

Sign InCreate Account
References2