Sign In
Advisories

Kentico Xperience <= 12.0.90 Administration Interface Stored XSS

Go Back
severity
medium
date
Affecting

  • Xperience <= 12.0.90

CWE
  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS
5.1
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Credit
Kentico Security Team
Description
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface.