exploitDog

CVE-2022-50685

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.

Ссылки

https://devnet.kentico.com/download/hotfixes
Product
https://www.vulncheck.com/advisories/kentico-xperience-file-upload-stored-xss2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 13.0.56 (включая)

EPSS

Процентиль: 9%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j96v-c89v-53cv

CVSS3: 4.6

github

около 2 месяцев назад

A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.

EPSS

Процентиль: 9%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79