880 matches found
Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...
CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
EUVD-2025-204343
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNetCore.WebApp is an assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the SetValue method in the RichTextComponent class. An...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNet.Mvc5.Libraries is an assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...
CVE-2024-58318
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...
CVE-2024-58318
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...
CVE-2022-50681
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
CVE-2022-50681
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
CVE-2024-58318 Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...
CVE-2024-58318 Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...
CVE-2024-58318
CVE-2024-58318 describes a stored XSS in Kentico Xperience’s rich text editor used by the page/form builders. The vulnerability arises from the editor allowing malicious URIs via user input, enabling script execution in victims’ browsers. Concrete details in connected docs show affected component...
CVE-2022-50681
This CVE affects Kentico Xperience’s Rich Text Editor component. The vulnerability is a reflected Cross‑Site Scripting (XSS) flaw that allows attackers to inject malicious scripts through administrative input fields in the Rich Text Editor. Public descriptions consistently identify the SetValue()...
CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...
Kentico Xperience 跨站脚本漏洞
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...
PT-2025-52303
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...
PT-2025-52325
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the rich text editor component used in page and form...
PT-2025-46528
Name of the Vulnerable Software and Affected Versions Lite XL versions prior to 2.1.9 Description Lite XL automatically executes the .lite project.lua file when opening a project directory without user confirmation. This file is designed for project configuration but can contain executable Lua...