CVE-2024-58321
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kentico | xperience | to 13.0.159 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-58321 is a stored cross-site scripting (XSS) vulnerability in Kentico Xperience up to version 13.0.159. It occurs because the application does not properly neutralize input in the form validation rule configuration, allowing attackers to inject malicious scripts. These scripts are stored and later executed in the browsers of users who access the affected forms. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the context of affected users. This can lead to session hijacking, defacement of web pages, or other malicious actions that compromise user security and trust. The impact includes low confidentiality and integrity loss but no availability impact. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the hotfix provided by Kentico DevNet that addresses the stored cross-site scripting issue in Kentico Xperience versions up to and including 13.0.159. Additionally, review and sanitize form validation rule configurations to prevent injection of malicious scripts. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific detection methods or commands to identify this vulnerability on your network or system. Detection would typically involve reviewing the form validation rule configurations in Kentico Xperience versions up to 13.0.159 for malicious script injections, but no explicit commands or tools are mentioned. [1]