CVE-2024-58322 MEDIUM

CVE-2024-58322: Kentico Xperience <= 13.0.158 Shipping Options Stored XSS

Vendor Kentico

Product Xperience

Weakness CWE-79 · XSS

Published December 18, 2025

Last update December 30, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by executing malicious scripts in users' browsers.

Key dates

02Disclosure timeline

December 18, 2025 CVE published

December 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-58322 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-32140 WordPress Libsyn Publisher Hub plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability CVE-2023-3986 SourceCodester Simple Online Mens Salon Management System cross site scripting CVE-2024-51868 WordPress DuoGeek Blocks plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-54683 WordPress WP Modal Popup with Cookie Integration Plugin plugin <= 2.4 - Cross Site Scripting (XSS) Vulnerability CVE-2021-39357 Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting