CVE-2024-58321 MEDIUM

CVE-2024-58321: Kentico Xperience <= 13.0.159 Form Validation Stored XSS

Vendor Kentico

Product Xperience

Weakness CWE-79 · XSS

Published December 18, 2025

Last update December 30, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers.

Key dates

02Disclosure timeline

December 18, 2025 CVE published

December 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-58321 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-0626 Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting CVE-2026-5106 code-projects Exam Form Submission update_fst.php cross site scripting CVE-2026-47990 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-4512 SourceCodester Prison Management System edit-profile.php cross site scripting CVE-2026-34568 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS