exploitDog

CVE-2022-50684

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security.

Ссылки

https://devnet.kentico.com/download/hotfixes
Product
https://www.vulncheck.com/advisories/kentico-xperience-form-emails-html-injection
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 13.0.71 (включая)

EPSS

Процентиль: 9%

0.00033

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-9pjc-73w7-429v

CVSS3: 4.6

github

около 2 месяцев назад

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security.

EPSS

Процентиль: 9%

0.00033

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79