Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kentico Xperience <= 13.0.164 Cookie Security Configuration
Vulnerability Description
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
HTTPS会话中未设置’Secure’属性的敏感Cookie
Vulnerability Title
Kentico Xperience 安全漏洞
Vulnerability Description
Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在安全漏洞,该漏洞源于cookie安全配置不当,可能导致会话安全和身份验证状态受损。
CVSS Information
N/A
Vulnerability Type
N/A