CVE-2024-58323
BaseFortify
Publication date: 2025-12-18
Last updated on: 2025-12-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kentico | xperience | to 13.0.158 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-58323 is a stored cross-site scripting (XSS) vulnerability in Kentico Xperience, specifically in the Checkbox form component. Attackers can inject malicious scripts via this component because it improperly neutralizes input that supports HTML in the form builder. These malicious scripts are stored and later executed in the browsers of users who view the affected forms, leading to unauthorized script execution. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized execution of malicious scripts in users' browsers when they interact with affected forms. This can result in potential compromise of user data, session hijacking, or other malicious actions performed by the attacker through the executed scripts. The impact is considered medium severity with low confidentiality and integrity impact, and no availability impact. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying if your Kentico Xperience installation is using a vulnerable version (up to and including 13.0.158) and if the Checkbox form component is in use. Since the vulnerability is a stored XSS via the Checkbox form component that supports HTML input, you can check for suspicious or unexpected HTML/script content in form inputs or stored form data. Specific commands are not provided in the resources, but general approaches include reviewing form component configurations and scanning stored form data for script tags or suspicious HTML. Additionally, monitoring HTTP traffic for injected scripts in form submissions or responses may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the hotfix provided by Kentico DevNet that addresses this vulnerability. Until the patch is applied, avoid using the Checkbox form component with HTML input enabled or restrict user input to prevent script injection. Additionally, review and sanitize all inputs in forms to neutralize malicious scripts and consider implementing web application firewall (WAF) rules to block typical XSS attack patterns targeting the Checkbox form component. [1]