363 matches found
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...
Kentico Xperience CMS - Unauthenticated Stored XSS
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. id: CVE-2025-2748 info: name: Kentico Xperience CMS - Unauthenticated Stored XSS author...
Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as...
VulnCheck KEV: CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
Kentico Xperience Path Traversal Vulnerability
Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations...
Exploit for Deserialization of Untrusted Data in Kentico Xperience
CVE-2019-10...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...
CVE-2025-5591
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
EUVD-2026-0919
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591 Stored Cross-site Scripting (XSS) in Kentico Xperience 13
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591
Summary: Kentico Xperience 13 is vulnerable to a stored cross-site scripting (XSS) attack via the Checkbox form component in Form Builder. The root cause is a lack of proper filtering/escaping of user-supplied data in the form component, enabling an attacker to execute arbitrary scripts in a vict...
CVE-2025-5591 Stored Cross-site Scripting (XSS) in Kentico Xperience 13
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
Kentico Xperience 安全漏洞
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...
PT-2026-1201
Name of the Vulnerable Software and Affected Versions Kentico Xperience version 13 Description Kentico Xperience 13 is susceptible to a stored cross-site scripting XSS attack through a form component. This allows an attacker to hijack a victim user’s session and perform actions with the victim’s...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...