Kentico · Kentico Xperience · CVE-2022-50684
**Name of the Vulnerable Software and Affected Versions**
Kentico Xperience (affected versions not specified)
**Description**
A flaw exists in Kentico Xperience that permits the injection of malicious HTML into form submission emails. This occurs because form fields are not properly encoded, allowing attackers to insert HTML content that can be executed within the recipient's email client. This could lead to compromised email security. The vulnerability involves unencoded form values.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.