CVE-2024-58319 MEDIUM

CVE-2024-58319: Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS

Vendor Kentico
Product Xperience
Weakness CWE-79 · XSS
Published December 18, 2025
Last update December 30, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers.

Key dates

02Disclosure timeline

December 18, 2025 CVE published
December 30, 2025 Record updated