CVE-2025-5591
Unknown Unknown - Not Provided
Stored XSS in Kentico Xperience 13 Form Component Enables Session Hijack

Publication date: 2026-01-05

Last updated on: 2026-01-05

Assigner: The Missing Link Australia (TML)

Description
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-01-05
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-5591
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kentico xperience to 13.0.167 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-1188 The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-5591 is a stored cross-site scripting (XSS) vulnerability in Kentico Xperience 13. It occurs in a form component where an attacker can inject malicious scripts that are stored and later executed in the context of a victim user's session. This allows the attacker to hijack the victim's session and perform actions with the victim's security privileges. [1]

Impact Analysis

This vulnerability can impact you by allowing an attacker to hijack your user session and perform unauthorized actions on your behalf within Kentico Xperience 13. This means the attacker could potentially access sensitive information or manipulate data using your security context. [1]

Mitigation Strategies

Mitigation involves changing Kentico’s default configuration according to the vendor’s advisory and updating Kentico Xperience 13 to version 13.0.167 or later. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5591. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart