Shodan
Vulnerabilities
Vulnerable Software
Kentico:  >> Xperience  >> 13.0.159  Security Vulnerabilities
CVE-2024-58321
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-12-18
CVE-2024-58317
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session security and authentication state.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-18
CVE-2024-58318
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-18
CVE-2024-58319
A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-18
CVE-2024-58320
An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-18
CVE-2025-32370
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-04-06
CVE-2025-32369
Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-04-06
CVE-2025-2794
An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180.
EPSS Score
0.005
Published
2025-03-31
CVE-2025-2748
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.
CVSS Score
6.5
EPSS Score
0.005
Published
2025-03-24
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.
CVSS Score
7.2
EPSS Score
0.012
Published
2025-03-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved