A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Kentico |
|
No data.
No data.
No data.
References
History
Thu, 18 Dec 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 18 Dec 2025 20:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder. | |
| Title | Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS | |
| First Time appeared |
Kentico
Kentico xperience |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Kentico
Kentico xperience |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-12-18T21:18:43.970Z
Reserved: 2025-12-17T16:51:11.810Z
Link: CVE-2024-58323
Vulnrichment
Updated: 2025-12-18T21:17:40.327Z
NVD
Status : Received
Published: 2025-12-18T20:15:54.380
Modified: 2025-12-18T20:15:54.380
Link: CVE-2024-58323
Redhat
No data.
OpenCVE Enrichment
No data.