Product: Kentico Xperience
51 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE | Affected versions | CVSS | Summary
CVE-2025-5591 | >= 13.0.0 and < 13.0.167 | 5.4 MEDIUM | Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a…
CVE-2024-58323 | <= 13.0.158 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox for…
CVE-2024-58322 | <= 13.0.158 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options c…
CVE-2024-58321 | <= 13.0.159 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation…
CVE-2024-58320 | <= 13.0.159 | 5.3 MEDIUM | An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface host…
CVE-2024-58319 | <= 13.0.160 | 6.1 MEDIUM | A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages das…
CVE-2024-58318 | <= 13.0.162 | 6.1 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text ed…
CVE-2024-58317 | <= 13.0.164 | 5.3 MEDIUM | A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting admini…
CVE-2023-53934 | <= 12.0.98 | 7.5 HIGH | A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to th…
CVE-2023-53738 | <= 13.0.109 | 5.4 MEDIUM | A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via pag…
CVE-2023-53737 | <= 13.0.101 | 4.8 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the…
CVE-2023-53736 | <= 13.0.120 | 5.4 MEDIUM | A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the…
CVE-2022-50686 | <= 12.0 | 7.5 HIGH | An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Eng…
CVE-2022-50685 | <= 13.0.56 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML fi…
CVE-2022-50684 | <= 13.0.71 | 6.1 MEDIUM | An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails…
CVE-2022-50683 | <= 13.0.74 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect UR…
CVE-2022-50682 | <= 13.0.79 | 6.5 MEDIUM | A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encodin…
CVE-2022-50681 | <= 13.0.88 | 6.1 MEDIUM | A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administratio…
CVE-2022-50680 | <= 13.0.92 | 4.8 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email…
CVE-2021-47712 | <= 12.0.102 | 7.5 HIGH | A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hash…
CVE-2021-47711 | <= 13.0.52 | 8.8 HIGH | A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketi…
CVE-2020-36891 | <= 12.0.49 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that d…
CVE-2020-36890 | <= 12.0.60 | 7.2 HIGH | An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges v…
CVE-2020-36889 | <= 12.0.90 | 5.4 MEDIUM | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages c…
CVE-2019-25230 | <= 12.0 | 4.3 MEDIUM | An information disclosure vulnerability in Kentico Xperience allows authenticated users to view sensitive system objects through t…
CVE-2019-25229 | <= 12.0.29 | 8.8 HIGH | An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload a…
CVE-2019-25228 | <= 12.0.47 | 5.3 MEDIUM | An information disclosure vulnerability in Kentico Xperience allows attackers to leak virtual context URLs via the HTTP Referer he…
CVE-2025-32370 | < 13.0.178 | 7.2 HIGH | Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; howev…
CVE-2025-32369 | < 13.0.181 | 6.4 MEDIUM | Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interact…
CVE-2025-2794 | <= 13.0.180 | (no CVSS listed) | An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to…
CVE-2025-2749 | <= 13.0.178 | 7.2 HIGH | An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary dat…
CVE-2025-2748 | <= 13.0.178 | 6.1 MEDIUM | The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, wh…
CVE-2025-2747 | <= 13.0.178 | 9.8 CRITICAL | An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component pas…
CVE-2025-2746 | <= 13.0.172 | 9.8 CRITICAL | An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password hand…
CVE-2022-32387 | < 13.0.66 | 7.5 HIGH | In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler.
CVE-2022-29287 | < 13.0.66 | 4.9 MEDIUM | Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management right…
CVE-2021-46163 | all versions | 6.1 MEDIUM | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.
CVE-2021-43991 | >= 13.0.0 and <= 13.0.43 | 6.8 MEDIUM | The Kentico Xperience CMS version 13.0 - 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also know…
CVE-2020-24794 | < 12.0.75 | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75.
CVE-2019-19493 | >= 9.0 and < 12.0.50 | 5.4 MEDIUM | Kentico before 12.0.50 allows file uploads in which the Content-Type header is inconsistent with the file extension, leading to XS…
CVE-2019-12102 | >= 11.0.0 and <= 12.0 | 9.1 CRITICAL | Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/…
CVE-2018-19453 | < 11.0.45 | 8.8 HIGH | Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type.
CVE-2019-10068 | >= 9.0.0 and <= 9.0.51 | 9.8 CRITICAL | An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a…
CVE-2019-6242 | all versions | 7.2 HIGH | Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NO…
CVE-2017-17736 | >= 9.0 and < 9.0.51 | 9.8 CRITICAL | Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSIns…
CVE-2018-6843 | >= 10.0 and < 10.0.50 | 7.2 HIGH | Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.
CVE-2018-6842 | >= 10.0 and < 10.0.50 | 5.4 MEDIUM | Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
CVE-2018-7205 | >= 9.0 and <= 11.0 | 4.8 MEDIUM | Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers t…
CVE-2018-7046 | >= 9.0 and <= 11.0 | 7.2 HIGH | Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating sy…
CVE-2018-5282 | >= 9.0 and <= 11.0 | 7.8 HIGH | Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a Si…
CVE-2004-2550 | all versions | (no CVSS listed) | Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers…
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin