← volver
CVE-2022-50684

Kentico Xperience <= 13.0.71 Form Emails HTML Injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Kentico · Xperience

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://devnet.kentico.com/download/hotfixeshttps://www.vulncheck.com/advisories/kentico-xperience-form-emails-html-injection