EUVD-2025-204337

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2023-53737

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2023-53737 Kentico Xperience <= 13.0.101 Localization Application Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2023-53737

CVE-2023-53737 describes a stored cross-site scripting vulnerability in Kentico Xperience, specifically via the Localization Application. The CVE entry (title: Kentico Xperience

PT-2025-52311

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Global administrators can inject malicious payloads through the Localization application. Successful exploitation...

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

Cross site scripting

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

CVE-2023-52269

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators...

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

Design/Logic Flaw

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

CVE-2019-5615

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...

CVE-2019-5615 Rapid7 InsightVM Stored Credential Exposure

Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files and malicious user...

CVE-2019-5615

CVE-2019-5615 concerns a stored-credential exposure in Rapid7 InsightVM (versions 6.5.11–6.5.49). The issue allows users with Site-level permissions to access files containing username-encrypted passwords for Security Console Global Administrators, along with clear-text passwords for restoring ba...

CVE-2019-6242

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time...

Design/Logic Flaw

DISPUTED Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time...

CVE-2019-6242

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time...

CVE-2019-6242

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time...

CVE-2019-6242

Kentico CMS v10.0.42 exposes the cleartext SMTP password on the SMTP configuration page. The issue allows Global Administrators to read the stored SMTP credentials (root cause is access to configuration data containing credentials). Impact is exposure of sensitive SMTP credentials to high-privile...