Kentico Xperience vulnerabilities
50 known vulnerabilities affecting kentico/xperience.
Total CVEs: 50
CISA KEV: 4 (actively exploited)
Public exploits: 8
Exploited in wild: 5
Severity breakdown: CRITICAL 6, HIGH 14, MEDIUM 30
Vulnerabilities
Page 3 of 3
CVE-2024-58319 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | affected: ≤ 13.0.160 | 2025-12-18
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers.
Source: nvd
CVE-2018-6842 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≥ 10.0, < 10.0.50; ≥ 11.0, < 11.0.3 | 2018-03-19
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
Source: nvd
CVE-2021-43991 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≥ 13.0.0, ≤ 13.0.43 | 2021-12-03
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited
Source: nvd
CVE-2023-53736 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≤ 13.0.120 | 2025-12-18
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context.
Source: nvd
CVE-2023-53738 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≤ 13.0.109 | 2025-12-18
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions.
Source: nvd
CVE-2024-58323 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | affected: ≤ 13.0.158 | 2025-12-18
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder.
Source: nvd
CVE-2019-25230 | P4 | MEDIUM | CVSS 4.3 | CWE-497 | affected: ≤ 12.0 | 2025-12-18
An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through the live site widget properties dialog. Attackers can exploit this vulnerability to access unauthorized system information without proper access controls.
Source: nvd
CVE-2022-50680 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | affected: ≤ 13.0.92 | 2025-12-18
A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information.
Source: nvd
CVE-2018-7205 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | affected: ≥ 9.0, ≤ 11.0 | 2018-02-20
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" s
Source: nvd
CVE-2023-53737 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | affected: ≤ 13.0.101 | 2025-12-18
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface.
Source: nvd