Bank

**Name of the Vulnerable Software and Affected Versions** Kentico Xperience (affected versions not specified) **Description** A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the Pages dashboard widget configuration dialog. Successful exploitation can lead to the execution of malicious scripts within the browsers of administrative users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kentico Xperience (affected versions not specified) **Description** An information disclosure issue exists in Kentico Xperience that allows unauthorized public users to access sensitive hostname details of the administration interface during authentication. Attackers can obtain confidential hostname configuration information via a public endpoint, which may reveal internal network details. The issue occurs when accessing the administration interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.