CNNVD-202512-3393 Information
Dec 18, 2025
cve
CNNVD ID
CNNVD-202512-3393
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在跨站脚本漏洞,该漏洞源于表单重定向URL配置可能被注入恶意脚本,导致存储型跨站脚本攻击。
Description (English)
Kentico Xperience is a digital experience platform for Kentico. Kentico Xperience has a cross-site script loophole, which stems from the fact that the form reoriented URL configuration may be injected into a malicious script, leading to a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Kentico
Published
2025-12-18
Last Modified
2026-02-24
References
https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-form-configuration-stored-xss
Patch
https://devnet.kentico.com/download/hotfixes
Share on: