PT-2026-6362

Impact Due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a preview rendering of any page, snippet or site setting object for which previews are enabled, consisting of any data...

EUVD-2025-204355

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions...

CVE-2023-53738

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions...

PT-2025-52312

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience that permits authenticated users to inject malicious scripts through page preview URLs. Exploitation of this issue...

Unauthorized Access To Unpublished Page Previews

mautic/core is vulnerable to Unauthorized Access to unpublished page previews. The vulnerability is due to missing authorization checks on predictable preview URLs, allowing unauthenticated users and search engines to access and index draft content...

CVE-2025-5257

The CVE-2025-5257 entry concerns Mautic’s unpublished page previews. The vulnerability arises from missing authorization checks on page preview URLs (for example, /page/preview/1, /page/preview/2), allowing unauthenticated users to access content not yet intended for public release and enabling s...