CVE-2023-53738
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kentico | xperience | to 13.0.109 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53738 is a reflected cross-site scripting (XSS) vulnerability in Kentico Xperience versions up to 13.0.109. It allows authenticated users to inject malicious scripts via page preview URLs. When other users interact with these page previews, the injected scripts can execute in their browsers, potentially leading to harmful actions such as session hijacking or defacement. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary scripts in the browsers of users interacting with the page preview feature. This can lead to session hijacking, defacement, or other malicious activities that compromise user data and trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and analyzing page preview URLs in Kentico Xperience for reflected script injection patterns. Since it involves reflected cross-site scripting via page preview URLs, you can look for unusual or suspicious script tags or JavaScript code embedded in URL parameters related to page previews. Specific commands are not provided in the resources, but typical detection methods include using web application scanners that test for reflected XSS or manually inspecting HTTP requests to page preview endpoints for injected scripts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the hotfixes provided by Kentico to address the vulnerability. Additionally, restricting or monitoring authenticated user access to the page preview feature can reduce risk. Implementing input validation and output encoding on page preview URLs can also help prevent script injection. Since the vulnerability requires authenticated user interaction, limiting privileges and educating users about the risk can be beneficial. [1]