CVE-2022-50680

Kentico Xperience <= 13.0.92 Email Marketing Stored XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Kentico · Xperience

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-email-marketing-stored-xss