Xperience — Vulnerabilities & Security Advisories (33)

All 33 CVE vulnerabilities found in Xperience, with AI-generated Chinese analysis, references, and POCs.

Vendor: Kentico

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-58323 | Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58322 | Kentico Xperience <= 13.0.158 Shipping Options Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58321 | Kentico Xperience <= 13.0.159 Form Validation Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58320 | Kentico Xperience <= 13.0.159 Authentication Information Disclosure | CWE-497 | 5.3 | Medium | 2025-12-18 |
| CVE-2024-58319 | Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2024-58318 | Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2024-58317 | Kentico Xperience <= 13.0.164 Cookie Security Configuration | CWE-614 | 5.3 | Medium | 2025-12-18 |
| CVE-2023-53934 | Kentico Xperience <= 12.0.98 GetResource Handler Denial of Service | CWE-97 | 7.5 | High | 2025-12-18 |
| CVE-2023-53737 | Kentico Xperience <= 13.0.101 Localization Application Stored XSS | CWE-79 | 4.8 | Medium | 2025-12-18 |
| CVE-2023-53738 | Kentico Xperience <= 13.0.109 Page Preview Reflected XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50686 | Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure | CWE-209 | 7.5 | High | 2025-12-18 |
| CVE-2022-50685 | Kentico Xperience <= 13.0.56 File Upload Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2023-53736 | Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50684 | Kentico Xperience <= 13.0.71 Form Emails HTML Injection | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2022-50683 | Kentico Xperience <= 13.0.74 Form Configuration Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50682 | Kentico Xperience <= 13.0.79 Routing Engine CRLF Injection | CWE-93 | 6.5 | Medium | 2025-12-18 |
| CVE-2022-50681 | Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2022-50680 | Kentico Xperience <= 13.0.92 Email Marketing Stored XSS | CWE-79 | 4.8 | Medium | 2025-12-18 |
| CVE-2021-47711 | Kentico Xperience <= 13.0.52 Online Marketing Macros SQL Injection | CWE-89 | 8.8 | High | 2025-12-18 |
| CVE-2021-47712 | Kentico Xperience <= 12.0.102 URL Hashing Cryptography Vulnerability | CWE-327 | 7.5 | High | 2025-12-18 |
| CVE-2020-36890 | Kentico Xperience <= 10 Administrator Access Control Bypass | CWE-862 | 7.2 | High | 2025-12-18 |
| CVE-2020-36891 | Kentico Xperience <= 12.0.49 File Upload Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2019-25230 | Kentico Xperience <= 12.0.0 User Widget Information Disclosure | CWE-497 | 4.3 | Medium | 2025-12-18 |
| CVE-2020-36889 | Kentico Xperience <= 12.0.90 Administration Interface Stored XSS | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2019-25228 | Kentico Xperience <= 12.0.47 Virtual Context Information Disclosure | CWE-497 | 5.3 | Medium | 2025-12-18 |
| CVE-2019-25229 | Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload | CWE-434 | 8.8 | High | 2025-12-18 |
| CVE-2025-32369 | Kentico Xperience Security Vulnerability | CWE-79 | 6.4 | Medium | 2025-04-06 |
| CVE-2025-32370 | Kentico Xperience Security Vulnerability | CWE-912 | 7.2 | High | 2025-04-06 |
| CVE-2025-2794 | Kentico Xperience <= 13.0.180 Unsafe Reflection | CWE-470 | 7.5 | - | 2025-03-31 |
| CVE-2025-2748 | Kentico Xperience stored cross-site scripting in multiple-file upload functionality | CWE-79 | 6.1 | Medium | 2025-03-24 |

All 33 known CVE vulnerabilities affecting Xperience with full Chinese analysis, references, and POCs where available.