CVE-2023-53737 MEDIUM

CVE-2023-53737: Kentico Xperience <= 13.0.101 Localization Application Stored XSS

Vendor Kentico
Product Xperience
Weakness CWE-79 · XSS
Published December 18, 2025
Last update December 30, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
December 30, 2025 Record updated