📦 Xperience
by Kentico
🛡️ Security Overview
⚠️ Known Vulnerabilities
An authentication bypass vulnerability in Kentico Xperience's Staging Sync Server allows attackers to bypass digest authentication by exploiting empty SHA1 username handling. This enables unauthorized...
This CVE describes a denial-of-service vulnerability in Kentico Xperience's GetResource handler where improper input validation allows attackers to send specially crafted requests that can disrupt ser...
This vulnerability in Kentico Xperience allows attackers to view detailed error messages containing sensitive stack trace information through Portal Engine form controls. This information disclosure c...
This SQL injection vulnerability in Kentico Xperience allows authenticated editors to execute arbitrary SQL queries through online marketing macro parameters. Attackers can access, modify, or delete d...
A cryptography vulnerability in Kentico Xperience allows attackers to manipulate URL hash values, potentially enabling unauthorized actions or data access. This affects all Kentico Xperience deploymen...
Kentico Xperience CMS versions before 13.0.178 allow unauthenticated attackers to bypass file extension restrictions by uploading .zip files that get processed by TryZipProviderSafe, enabling them to ...
This vulnerability allows authenticated users of Kentico Xperience's Staging Sync Server to upload arbitrary files to path-relative locations via path traversal. Attackers can upload executable conten...
Kentico Xperience 13 contains a stored cross-site scripting vulnerability in a form component that allows attackers to inject malicious scripts. When exploited, this enables session hijacking where at...
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. This enables execution of arbitrary JavaScript in ...
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious JavaScript into shipping options configuration. This could lead to session hijacking, credential t...
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This enables script execution in users' browsers when the...
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. This could allow session hijacking or...
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts through the rich text editor component. This could enable attackers to execute arbitrary J...
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. This could enable attackers to exe...
An information disclosure vulnerability in Kentico Xperience allows unauthenticated attackers to access sensitive administration interface hostname details through a public authentication endpoint. Th...
This reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts into the administration interface. Attackers can execute arbitrary scripts...
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious scripts via the Localization application. This affects Kentico Xperience installations...
This reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated attackers to inject malicious scripts via page preview URLs. When exploited, it enables execution of arbitra...
CVE-2022-50681 is a reflected cross-site scripting vulnerability in Kentico Xperience's Rich Text Editor component that allows attackers to inject malicious scripts via administration input fields. Th...
A CRLF injection vulnerability in Kentico Xperience's routing engine allows attackers to manipulate URL query string redirects through improper encoding. This enables header injection attacks that cou...
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration settings. This enables execution of arbitrary JavaScri...
This HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML content into form submission emails by submitting unencoded values in form fields. When administrators ...
This stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to upload malicious XML files as page attachments or metafiles, which then execute malicious scripts in o...
A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated administration users to inject malicious scripts into email marketing templates. When these templates are rendered...
Kentico Xperience has a stored cross-site scripting (XSS) vulnerability in its multiple-file upload functionality that allows attackers to upload malicious files containing JavaScript. When other user...