← back
CVE-2024-58323

Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS

CVSS 5.1 MEDIUMEPSS 0.1%CWE-79
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
Kentico · Xperience

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://devnet.kentico.com/download/hotfixeshttps://www.vulncheck.com/advisories/kentico-xperience-checkbox-form-component-stored-xss