CVE-2022-50685

Medium CVSS: 5.1

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.

Vendor

Kentico

Product

Xperience

CWE

CWE-79

Yayın Tarihi

2025-12-18 20:15:50

Güncelleme

2025-12-27 17:15:41

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Xperience MEDIUM Kentico 2025

Referanslar

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-file-upload-stored-xss2

Benzer Kayıtlar

High

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to…

Medium

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form v…

Medium

CVE-2024-58322

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping…

Medium

CVE-2024-58323

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Ch…

Medium

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when sett…

Medium

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the ri…