← volver
CVE-2022-50683

Kentico Xperience <= 13.0.74 Form Configuration Stored XSS

CVSS 5.1 MEDIUMEPSS 0.1%CWE-79
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Kentico · Xperience

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://devnet.kentico.com/download/hotfixeshttps://www.vulncheck.com/advisories/kentico-xperience-form-configuration-stored-xss