CVE-2022-50680
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kentico | xperience | to 13.0.92 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50680 is a stored cross-site scripting (XSS) vulnerability in Kentico Xperience's Email Marketing module. It allows administrative users to inject malicious scripts into email marketing templates. When these templates are viewed, the malicious scripts execute in the browsers of users, potentially compromising sensitive information. [1]
How can this vulnerability impact me? :
This vulnerability can lead to the execution of malicious scripts in user browsers, which may result in the compromise of sensitive information. Attackers exploiting this flaw could steal data or perform unauthorized actions on behalf of users who view the affected email marketing content. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for malicious scripts injected into email marketing templates within Kentico Xperience, especially versions up to 13.0.92. Since the vulnerability is a stored XSS in the Email Marketing module, review the content of email templates for suspicious script tags or JavaScript code. There are no specific commands provided to detect this vulnerability automatically. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the hotfixes provided by the Kentico Security Team to address the vulnerability. Additionally, restrict administrative user privileges to trusted personnel only and review email marketing templates for any injected malicious scripts to remove them. [1]