Browse all 37 CVE security advisories affecting Kentico. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2878 | Kentico CMS Additional Database Installation Wizard install.aspx cross site scripting — CMSCWE-79 | 2.4 | Low | 2025-03-27 |
| CVE-2025-2748 | Kentico Xperience stored cross-site scripting in multiple-file upload functionality — XperienceCWE-79 | 6.1 | Medium | 2025-03-24 |
| CVE-2025-2749 | Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE — XperienceCWE-22 | 7.2 | High | 2025-03-24 |
| CVE-2025-2747 | Kentico Xperience <= 13.0.178 Staging Sync Server None Password Type Authentication Bypass — XperienceCWE-288 | 9.8 | Critical | 2025-03-24 |
| CVE-2025-2746 | Kentico Xperience <= 13.0.172 Staging Sync Server Digest Password Authentication Bypass — XperienceCWE-288 | 9.8 | Critical | 2025-03-24 |
| CVE-2024-12907 | XSS in Kentico 7 — Kentico CMSCWE-79 | 6.1 | - | 2025-01-02 |
| CVE-2021-43991 | Persistent XSS via Avatar Upload in Kentico Xperience CMS — Kentico Xperience XMSCWE-79 | 6.8 | Medium | 2021-12-03 |
This page lists every published CVE security advisory associated with Kentico. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.