CVE-2024-58318 MEDIUM

CVE-2024-58318: Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS

Vendor Kentico
Product Xperience
Weakness CWE-79 · XSS
Published December 18, 2025
Last update December 30, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
December 30, 2025 Record updated