Lucene search
K

363 matches found

Nuclei
Nuclei
added 2 days ago17 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)

Before Kentico Xperience 13 Hotfix 173, this vulnerability can be exploited with any username provided. For Hotfix = 173 and = 173 and 178, this vulnerability can be exploited only if you provide a valid Staging Service username default: admin impact: | Unauthenticated attackers can bypass...

9.8CVSS6.1AI score0.58431EPSS
Exploits1References3
Nuclei
Nuclei
added 2 days ago39 views

Kentico Xperience CMS - Unauthenticated Stored XSS

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. id: CVE-2025-2748 info: name: Kentico Xperience CMS - Unauthenticated Stored XSS author...

6.1CVSS7.3AI score0.59066EPSS
Exploits2References2
Nuclei
Nuclei
added 5 days ago12 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through...

9.8CVSS6.1AI score0.92161EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2026/04/21 6:23 a.m.14 views

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as...

10CVSS7.7AI score0.99991EPSS
Exploits26
VulnCheck KEV
VulnCheck KEV
added 2026/04/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

7.2CVSS6.5AI score0.03854EPSS
In wildExploits1References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/20 12:0 a.m.6 views

Kentico Xperience Path Traversal Vulnerability

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations...

7.2CVSS5.9AI score0.03854EPSS
In wildExploits1
GithubExploit
GithubExploit
added 2026/03/11 2:9 a.m.138 views

Exploit for Deserialization of Untrusted Data in Kentico Xperience

CVE-2019-10...

9.8CVSS5.8AI score0.96031EPSS
Exploits5
CNVD
CNVD
added 2026/01/19 12:0 a.m.4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...

9.4CVSS6AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/06 12:19 a.m.7 views

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.4CVSS6.2AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/01/05 1:15 a.m.8 views

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.4CVSS0.00145EPSS
Exploits0References1
OSV
OSV
added 2026/01/05 1:15 a.m.8 views

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

5.4CVSS5.6AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/05 12:2 a.m.8 views

EUVD-2026-0919

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.4CVSS5.7AI score0.00145EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/05 12:2 a.m.2 views

CVE-2025-5591 Stored Cross-site Scripting (XSS) in Kentico Xperience 13

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.4CVSS5.8AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/01/05 12:2 a.m.18 views

CVE-2025-5591

Summary: Kentico Xperience 13 is vulnerable to a stored cross-site scripting (XSS) attack via the Checkbox form component in Form Builder. The root cause is a lack of proper filtering/escaping of user-supplied data in the form component, enabling an attacker to execute arbitrary scripts in a vict...

9.4CVSS5.8AI score0.00145EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/05 12:2 a.m.22 views

CVE-2025-5591 Stored Cross-site Scripting (XSS) in Kentico Xperience 13

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...

9.4CVSS0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.7 views

Kentico Xperience 安全漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...

9.4CVSS5.9AI score0.00145EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.10 views

PT-2026-1201

Name of the Vulnerable Software and Affected Versions Kentico Xperience version 13 Description Kentico Xperience 13 is susceptible to a stored cross-site scripting XSS attack through a form component. This allows an attacker to hijack a victim user’s session and perform actions with the victim’s...

9.4CVSS5.5AI score0.00145EPSS
Exploits0References8
CNVD
CNVD
added 2025/12/25 12:0 a.m.4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS6AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/25 12:0 a.m.3 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...

6.1CVSS5.8AI score0.00139EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/25 12:0 a.m.2 views

Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

6.1CVSS5.9AI score0.00155EPSS
Exploits0References1
Rows per page
Query Builder