Kentico Security Vulnerabilities (CVEs)

Track 26 security vulnerabilities affecting Kentico products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

2 Critical
6 High
18 Medium
CVE-2025-5591 5.4

Kentico Xperience 13 contains a stored cross-site scripting vulnerability in a form component that allows attackers to inject malicious scripts. When ...

Jan 5, 2026
CVE-2024-58321 5.4

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. ...

Dec 18, 2025
CVE-2024-58322 5.4

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious JavaScript into shipping options configuration. ...

Dec 18, 2025
CVE-2024-58323 5.4

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This en...

Dec 18, 2025
CVE-2024-58317 5.3

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via...

Dec 18, 2025
CVE-2024-58318 6.1

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts through the rich text editor component. ...

Dec 18, 2025
CVE-2024-58319 6.1

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget config...

Dec 18, 2025
CVE-2024-58320 5.3

An information disclosure vulnerability in Kentico Xperience allows unauthenticated attackers to access sensitive administration interface hostname de...

Dec 18, 2025
CVE-2023-53736 5.4

This reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts into the administration ...

Dec 18, 2025
CVE-2023-53737 4.8

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious scripts via the Localization applica...

Dec 18, 2025
CVE-2023-53738 5.4

This reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated attackers to inject malicious scripts via page preview URL...

Dec 18, 2025
CVE-2023-53934 7.5

This CVE describes a denial-of-service vulnerability in Kentico Xperience's GetResource handler where improper input validation allows attackers to se...

Dec 18, 2025
CVE-2022-50681 6.1

CVE-2022-50681 is a reflected cross-site scripting vulnerability in Kentico Xperience's Rich Text Editor component that allows attackers to inject mal...

Dec 18, 2025
CVE-2022-50682 6.5

A CRLF injection vulnerability in Kentico Xperience's routing engine allows attackers to manipulate URL query string redirects through improper encodi...

Dec 18, 2025
CVE-2022-50683 5.4

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration sett...

Dec 18, 2025
CVE-2022-50684 6.1

This HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML content into form submission emails by submitting une...

Dec 18, 2025
CVE-2022-50685 5.4

This stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to upload malicious XML files as page attachments or me...

Dec 18, 2025
CVE-2022-50686 7.5

This vulnerability in Kentico Xperience allows attackers to view detailed error messages containing sensitive stack trace information through Portal E...

Dec 18, 2025
CVE-2021-47711 8.8

This SQL injection vulnerability in Kentico Xperience allows authenticated editors to execute arbitrary SQL queries through online marketing macro par...

Dec 18, 2025
CVE-2021-47712 7.5

A cryptography vulnerability in Kentico Xperience allows attackers to manipulate URL hash values, potentially enabling unauthorized actions or data ac...

Dec 18, 2025
CVE-2022-50680 4.8

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated administration users to inject malicious scripts into email mark...

Dec 18, 2025
CVE-2025-32370 7.2

Kentico Xperience CMS versions before 13.0.178 allow unauthenticated attackers to bypass file extension restrictions by uploading .zip files that get ...

Apr 6, 2025
CVE-2025-2748 6.1

Kentico Xperience has a stored cross-site scripting (XSS) vulnerability in its multiple-file upload functionality that allows attackers to upload mali...

Mar 24, 2025
CVE-2025-2749 7.2

This vulnerability allows authenticated users of Kentico Xperience's Staging Sync Server to upload arbitrary files to path-relative locations via path...

Mar 24, 2025
CVE-2025-2746 9.8

An authentication bypass vulnerability in Kentico Xperience's Staging Sync Server allows attackers to bypass digest authentication by exploiting empty...

Mar 24, 2025
CVE-2021-27581 9.8

This SQL injection vulnerability in Kentico CMS allows attackers to execute arbitrary SQL commands via the tagname parameter in the Blog module. It af...

Mar 5, 2021

Why Monitor Kentico Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 26+ known vulnerabilities affecting Kentico products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Kentico packages in under 60 seconds. No agents required - completely agentless scanning that works across Kentico deployments.

Free vulnerability database: Access detailed information about every Kentico CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Kentico CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions