CVE-2022-50680
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-18

Last updated on: 2025-12-27

Assigner: VulnCheck

Description
A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-18
Last Modified
2025-12-27
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50680
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kentico xperience to 13.0.92 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50680 is a stored cross-site scripting (XSS) vulnerability in Kentico Xperience's Email Marketing module. It allows administrative users to inject malicious scripts into email marketing templates. When these templates are viewed, the malicious scripts execute in the browsers of users, potentially compromising sensitive information. [1]

Impact Analysis

This vulnerability can lead to the execution of malicious scripts in user browsers, which may result in the compromise of sensitive information. Attackers exploiting this flaw could steal data or perform unauthorized actions on behalf of users who view the affected email marketing content. [1]

Detection Guidance

Detection involves checking for malicious scripts injected into email marketing templates within Kentico Xperience, especially versions up to 13.0.92. Since the vulnerability is a stored XSS in the Email Marketing module, review the content of email templates for suspicious script tags or JavaScript code. There are no specific commands provided to detect this vulnerability automatically. [1]

Mitigation Strategies

Immediate mitigation steps include applying the hotfixes provided by the Kentico Security Team to address the vulnerability. Additionally, restrict administrative user privileges to trusted personnel only and review email marketing templates for any injected malicious scripts to remove them. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50680. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart