Kentico Xperience <= 12.0.98 GetResource Handler Denial of Service

Advisories

severity: high
date: December 18, 2025
Affecting: Xperience <= 12.0.98
CVE: CVE-2023-53934
CWE: CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References: Kentico DevNet Hotfixes
Credit: Federico Girardi
Description: A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through maliciously constructed requests.