CVE-2022-50683 MEDIUM

CVE-2022-50683: Kentico Xperience <= 13.0.74 Form Configuration Stored XSS

Vendor Kentico

Product Xperience

Weakness CWE-79 · XSS

Published December 18, 2025

Last update December 30, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings.

Key dates

02Disclosure timeline

December 18, 2025 CVE published

December 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-50683 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-39562 WordPress Payment Form for PayPal Pro plugin <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability CVE-2025-4852 TOTOLINK A3002R VPN Page cross site scripting CVE-2024-51675 WordPress aThemes Addons for Elementor plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-26973 WordPress Social Warfare Plugin <= 4.5.5 - Cross Site Scripting (XSS) vulnerability CVE-2024-9267 Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter