VDB
CNVD-2026-05136
PUBLISHED
CVSS 6.1 MEDIUM
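Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience contains a cross-site scripting vulnerability. It stems from the application's lack of effective filtering and escaping of user-supplied data, and an attacker can exploit it to execute arbitrary web script or HTML by injecting a crafted payload.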
Risk Scores
CVSS v3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kentico | Xperience | 0 |
| kentico | xperience | 0 |
Timeline
- Mar 24, 2025 CVE Published
- Mar 24, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 1, 2025 PoC Published
- Apr 2, 2025 PoC Published
- Apr 2, 2025 PoC Published
References
- https://devnet.kentico.com/download/hotfixes vendor-advisory