CVE-2023-53737

Summary

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface.

Impact & exploitability

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• https://devnet.kentico.com/download/hotfixes
• https://www.vulncheck.com/advisories/kentico-xperience-localization-application-stored-xss2Advisory