CVE-2022-50685
Kentico Xperience <= 13.0.56 File Upload Stored XSS
A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Kentico · Xperience¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →