CNNVD-202512-3395 Information

CNNVD ID

CNNVD-202512-3395

Related CVE

CVE-2022-50681

• CNNVD Published: 2025-12-18

Description (Chinese)

Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在跨站脚本漏洞，该漏洞源于富文本编辑器组件中的管理输入字段可能被注入恶意脚本，导致反射型跨站脚本攻击。

Description (English)

Kentico Xperience is a digital experience platform for Kentico. Kentico Xperience has a cross-site script loophole, which stems from the possibility that the management input field in the rich text editor component may be injected into a malicious script, leading to a reflective cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Kentico

Published

2025-12-18

Last Modified

2026-02-24

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-rich-text-editor-reflected-xss

Patch

https://devnet.kentico.com/download/hotfixes