URLs pointing to third party domains leaked virtual context information via the HTTP Referer header. This occurred, for example, when a user editing an MVC page in the page builder clicked on a link or displayed an image loaded from a third party domain.
Workaround for all Kentico versions
The workaround for this issue is to add the 'meta referrer' tag to the HTML output of your MVC pages, i.e. set: <meta name="referrer" content="origin">.
Information Security Disclosure
Found in version:
Fixed in version:
Kentico Security Team
Install the latest hotfix. You can download the latest hotfix from Download section on the DevNet portal. If you use an older Kentico version, it is highly recommended to upgrade to the latest version.