CVE-2022-50685
Kentico Xperience <= 13.0.56 File Upload Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Kentico · XperienceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →