CVE-2024-58319

Summary

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers.

Impact & exploitability

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• https://devnet.kentico.com/download/hotfixes
• https://www.vulncheck.com/advisories/kentico-xperience-pages-dashboard-widget-reflected-xssAdvisory