Lucene search
K

880 matches found

CNVD
CNVD
added 2025/12/25 12:0 a.m.4 views

Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

6.1CVSS6AI score0.00183EPSS
Exploits0References1
CNVD
CNVD
added 2025/12/25 12:0 a.m.4 views

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05122)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...

6.1CVSS5.8AI score0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/19 9:7 p.m.3 views

CVE-2023-53950 InnovaStudio WYSIWYG Editor 5.4 Unrestricted File Upload via Filename Manipulation

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS6.6AI score0.00559EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/18 9:31 p.m.4 views

EUVD-2025-204343

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

5.4CVSS6.1AI score0.00183EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/18 8:46 p.m.5 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.AspNetCore.WebApp is an assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the SetValue method in the RichTextComponent class. An...

6.1CVSS5.3AI score0.00183EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/18 8:46 p.m.5 views

Cross-site Scripting (XSS)

Overview Kentico.Xperience.AspNet.Mvc5.Libraries is an assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...

6.1CVSS5.4AI score0.00139EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:15 p.m.12 views

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

6.1CVSS0.00139EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 8:15 p.m.5 views

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

6.1CVSS5.8AI score0.00139EPSS
Exploits0References2
NVD
NVD
added 2025/12/18 8:15 p.m.3 views

CVE-2022-50681

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1CVSS0.00183EPSS
Exploits0References2
OSV
OSV
added 2025/12/18 8:15 p.m.3 views

CVE-2022-50681

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1CVSS6AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.24 views

CVE-2024-58318 Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

6.1CVSS0.00139EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.2 views

CVE-2024-58318 Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

6.1CVSS5.9AI score0.00139EPSS
Exploits0References2
CVE
CVE
added 2025/12/18 7:53 p.m.11 views

CVE-2024-58318

CVE-2024-58318 describes a stored XSS in Kentico Xperience’s rich text editor used by the page/form builders. The vulnerability arises from the editor allowing malicious URIs via user input, enabling script execution in victims’ browsers. Concrete details in connected docs show affected component...

6.1CVSS5.9AI score0.00139EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/12/18 7:53 p.m.9 views

CVE-2022-50681

This CVE affects Kentico Xperience’s Rich Text Editor component. The vulnerability is a reflected Cross‑Site Scripting (XSS) flaw that allows attackers to inject malicious scripts through administrative input fields in the Rich Text Editor. Public descriptions consistently identify the SetValue()...

6.1CVSS6.2AI score0.00183EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/18 7:53 p.m.23 views

CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1CVSS0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.4 views

CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1CVSS6.2AI score0.00183EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.4 views

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

6.1CVSS5.9AI score0.00183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52303

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...

6.1CVSS6AI score0.00183EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52325

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the rich text editor component used in page and form...

6.1CVSS5.8AI score0.00139EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.5 views

PT-2025-46528

Name of the Vulnerable Software and Affected Versions Lite XL versions prior to 2.1.9 Description Lite XL automatically executes the .lite project.lua file when opening a project directory without user confirmation. This file is designed for project configuration but can contain executable Lua...

7.6AI score0.00326EPSS
Exploits1References6
Rows per page
Query Builder