
Kentico — Vulnerabilities & Security Advisories (37)

Browse all 37 CVE security advisories affecting Kentico. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Kentico is a web content management and digital experience platform used mainly for building websites, e-commerce stores, and intranets. Its architecture, which relies heavily on ASP.NET and SQL Server, has historically exposed it to a range of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection. With 37 recorded CVEs, many flaws stem from insecure deserialization, improper access controls, and insufficient input validation in its API endpoints and administrative interfaces. Notable incidents involve attackers exploiting unpatched RCE vulnerabilities to gain full server control, leading to widespread defacement and data exfiltration across numerous enterprise deployments. The platform's complexity and extensive plugin ecosystem often introduce additional attack surface, so rigorous patch management and strict configuration hardening are needed to mitigate the risks of privilege escalation and unauthorized data access.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-5591 | Stored Cross-site Scripting (XSS) in Kentico Xperience 13 | Kentico Xperience | CWE-79 | 5.4 | - | 2026-01-05 |
| CVE-2024-58323 | Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58322 | Kentico Xperience <= 13.0.158 Shipping Options Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58321 | Kentico Xperience <= 13.0.159 Form Validation Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58320 | Kentico Xperience <= 13.0.159 Authentication Information Disclosure | Xperience | CWE-497 | 5.3 | Medium | 2025-12-18 |
| CVE-2024-58319 | Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS | Xperience | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2024-58318 | Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS | Xperience | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2024-58317 | Kentico Xperience <= 13.0.164 Cookie Security Configuration | Xperience | CWE-614 | 5.3 | Medium | 2025-12-18 |
| CVE-2023-53934 | Kentico Xperience <= 12.0.98 GetResource Handler Denial of Service | Xperience | CWE-97 | 7.5 | High | 2025-12-18 |
| CVE-2023-53737 | Kentico Xperience <= 13.0.101 Localization Application Stored XSS | Xperience | CWE-79 | 4.8 | Medium | 2025-12-18 |
| CVE-2023-53738 | Kentico Xperience <= 13.0.109 Page Preview Reflected XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50685 | Kentico Xperience <= 13.0.56 File Upload Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50686 | Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure | Xperience | CWE-209 | 7.5 | High | 2025-12-18 |
| CVE-2023-53736 | Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50684 | Kentico Xperience <= 13.0.71 Form Emails HTML Injection | Xperience | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2022-50683 | Kentico Xperience <= 13.0.74 Form Configuration Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50681 | Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS | Xperience | CWE-79 | 6.1 | Medium | 2025-12-18 |
| CVE-2022-50682 | Kentico Xperience <= 13.0.79 Routing Engine CRLF Injection | Xperience | CWE-93 | 6.5 | Medium | 2025-12-18 |
| CVE-2022-50680 | Kentico Xperience <= 13.0.92 Email Marketing Stored XSS | Xperience | CWE-79 | 4.8 | Medium | 2025-12-18 |
| CVE-2021-47711 | Kentico Xperience <= 13.0.52 Online Marketing Macros SQL Injection | Xperience | CWE-89 | 8.8 | High | 2025-12-18 |
| CVE-2021-47712 | Kentico Xperience <= 12.0.102 URL Hashing Cryptography Vulnerability | Xperience | CWE-327 | 7.5 | High | 2025-12-18 |
| CVE-2020-36890 | Kentico Xperience <= 10 Administrator Access Control Bypass | Xperience | CWE-862 | 7.2 | High | 2025-12-18 |
| CVE-2020-36891 | Kentico Xperience <= 12.0.49 File Upload Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2020-36889 | Kentico Xperience <= 12.0.90 Administration Interface Stored XSS | Xperience | CWE-79 | 5.4 | Medium | 2025-12-18 |
| CVE-2019-25230 | Kentico Xperience <= 12.0.0 User Widget Information Disclosure | Xperience | CWE-497 | 4.3 | Medium | 2025-12-18 |
| CVE-2019-25228 | Kentico Xperience <= 12.0.47 Virtual Context Information Disclosure | Xperience | CWE-497 | 5.3 | Medium | 2025-12-18 |
| CVE-2019-25229 | Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload | Xperience | CWE-434 | 8.8 | High | 2025-12-18 |
| CVE-2025-32369 | Kentico Xperience Security Vulnerability | Xperience | CWE-79 | 6.4 | Medium | 2025-04-06 |
| CVE-2025-32370 | Kentico Xperience Security Vulnerability | Xperience | CWE-912 | 7.2 | High | 2025-04-06 |
| CVE-2025-2794 | Kentico Xperience <= 13.0.180 Unsafe Reflection | Xperience | CWE-470 | 7.5 | - | 2025-03-31 |

This page lists every published CVE security advisory associated with Kentico. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.