Kentico · Kentico Xperience 13 · CVE-2025-5591
**Name of the Vulnerable Software and Affected Versions**
Kentico Xperience version 13
**Description**
Kentico Xperience 13 is susceptible to a stored cross-site scripting (XSS) attack through a form component. This allows an attacker to hijack a victim user’s session and perform actions with the victim’s permissions. The vulnerability specifically resides in the Checkbox form component of Form Builder. Successful exploitation involves injecting malicious scripts that execute in the victim’s browser.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.