49 matches found
CVE-2026-9520
Product/affected software: blitz-js blitz (up to 3.0.2). Vulnerable component/file: packages/generator/templates/app/src/app/auth/components/LoginForm.tsx in the Sign-in module. Root cause: argument manipulation in Next leads to cross-site scripting. Impact: cross-site scripting vulnerability...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-05118)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...
CVE-2025-5591
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591 Stored Cross-site Scripting (XSS) in Kentico Xperience 13
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
EUVD-2026-0919
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context...
CVE-2025-5591
Summary: Kentico Xperience 13 is vulnerable to a stored cross-site scripting (XSS) attack via the Checkbox form component in Form Builder. The root cause is a lack of proper filtering/escaping of user-supplied data in the form component, enabling an attacker to execute arbitrary scripts in a vict...
PT-2026-1201
Name of the Vulnerable Software and Affected Versions: Kentico Xperience version 13. Description: Kentico Xperience 13 is susceptible to a stored cross-site scripting (XSS) attack through a form component. This allows an attacker to hijack a victim user’s session and perform actions with the victim’s...
Kentico Xperience security vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data by a form component, which can be exploited by an attacker to execute arbitrary web...
Cross-site Scripting (XSS)
Overview: Kentico.Xperience.AspNetCore.WebApp contains the assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient encoding of validation error messages in the...
Cross-site Scripting (XSS)
Overview: Kentico.Xperience.AspNet.Mvc5.Libraries contains the assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. It does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...
CVE-2024-58323
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder...
CVE-2024-58323
CVE-2024-58323 concerns a stored XSS in Kentico Xperience via the Checkbox form component. Connected sources identify the vulnerable element as the checkbox component’s Text property rendered through HtmlString() without proper encoding, enabling attackers to inject scripts that run in users’ bro...
CVE-2024-58323 Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder...
PT-2025-52330
Name of the Vulnerable Software and Affected Versions: Kentico Xperience, affected versions not specified. Description: A stored cross-site scripting issue exists in Kentico Xperience. The issue is related to the Checkbox form component, which allows attackers to inject malicious scripts. Successful...
CVE-2025-14136
A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2RepeatergetwiredclientlistsetClientsName of the file modform.so. The manipulation of the argume...
EUVD-2012-5155
Malware in sbrugna...