exploitDog

CVE-2020-36889

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface.

Ссылки

https://devnet.kentico.com/download/hotfixes
Product
https://www.vulncheck.com/advisories/kentico-xperience-administration-interface-stored-xss
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 12.0.90 (включая)

EPSS

Процентиль: 9%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2jq7-6vh9-gh84

CVSS3: 4.6

github

около 2 месяцев назад

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface.

EPSS

Процентиль: 9%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79