Episerver 7 - Blind XML External Entity Injection
Episerver 7 patch 4 and earlier contains an XML external entity (XXE) vulnerability caused by processing a crafted DTD in XML requests involving util/xmlrpc/Handler.ashx, letting remote attackers read arbitrary files. Exploitation requires sending malicious XML payloads. id: CVE-2017-17762 info: name: Episerver 7 - Bli...
EpiServer Find <13.2.7 - Open Redirect
EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...
VulnCheck KEV: CVE-2017-17762
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx...
EUVD-2017-8913
Malware in sbrugna...
EUVD-2012-1069
Malware in sbrugna...
EUVD-2012-1070
Malware in sbrugna...
EUVD-2012-1072
Malware in sbrugna...
EUVD-2025-22862
Malicious code in bioql PyPI...
EUVD-2025-2771
Malicious code in bioql PyPI...
EUVD-2025-22861
Malicious code in bioql PyPI...
EUVD-2025-2770
Malicious code in bioql PyPI...
EUVD-2025-22860
Malicious code in bioql PyPI...
Optimizely Episerver Content Management System 11.x / 12.x Cross Site Scripting
Optimizely Episerver Content Management System versions prior to 11.21.4 and prior to 12.22.1 suffer from multiple persistent cross site scripting vulnerabilities. Confidentiality class: Internal & Partner SEC Consult Vulnerability Lab Security Advisory...
CVE-2025-27802
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could be used in the "Edit"...
CVE-2025-27800
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to...
CVE-2025-27801
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...
CVE-2025-27802 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could be used in the "Edit"...