CVE-2023-53736

Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Kentico · Xperience

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-administration-interface-reflected-xss