Kentico 10 prior to 10.0.50 and 11 prior to 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
kentico kentico cms