CNNVD-202512-3405 Information

CNNVD ID

CNNVD-202512-3405

Related CVE

CVE-2019-25228

• CNNVD Published: 2025-12-18

Description (Chinese)

Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在安全漏洞，该漏洞源于HTTP Referer标头可能泄露虚拟上下文URL，导致敏感信息暴露给外部域。

Description (English)

Kentico Xperience is a digital experience platform for Kentico. There is a security loophole in Kentico Xperience, which originates from the possibility of a virtual context URL leaking from the HTTP Referer Header, leading to the exposure of sensitive information to the outer domain.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Kentico

Published

2025-12-18

Last Modified

2026-02-24

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-virtual-context-information-disclosure

Patch

https://devnet.kentico.com/download/hotfixes