Lucene search
K

8 matches found

Snyk
Snyk
added 2025/12/18 8:47 p.m.7 views

SQL Injection

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to SQL Injection via the whereCondition parameter of the DidActivity macro method in the ContactInfoMethods class. An authenticated...

8.8CVSS7.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 8:46 p.m.3 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetFieldValueForMail method in the BizFormMailSender class. An attacker can inject arbitrary HTML...

6.1CVSS5.3AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 8:46 p.m.3 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper processing of page preview URLs. An authenticated attacker can execute arbitrary JavaScript...

6.1CVSS5.3AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 8:46 p.m.6 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute via the SetValue method in the CookieHelper class. The requireSSL...

6.9CVSS6.8AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/06 7:41 a.m.4 views

Arbitrary File Upload

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Arbitrary File Upload due to the TryZipProviderSafe process. An attacker can create files with unauthorized extensions by exploiting...

9.8CVSS7.1AI score0.59066EPSS
Exploits3References2
Snyk
Snyk
added 2025/04/06 6:40 a.m.6 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the media library file upload feature. An attacker can distribute malicious content by uploading...

8.7CVSS5.5AI score0.0025EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/31 4:42 p.m.3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' through the system's Content staging feature. An...

8.7CVSS7AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/24 6:44 p.m.8 views

Directory Traversal

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Directory Traversal via the Staging Sync Server, which does not sufficiently protect librarySubFolderPath against traversal sequence...

8.6CVSS8AI score0.03854EPSS
Exploits1References3
Rows per page
Query Builder