CVE-2024-58319

Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Kentico · Xperience

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-pages-dashboard-widget-reflected-xss