CVE-2021-43991

Name of the Vulnerable Software and Affected Versions: Kentico Xperience CMS versions 13.0 through 13.0.43

Description: The issue is related to a persistent Cross-Site Scripting (XSS) vulnerability, also known as Stored or Second-Order XSS. This occurs when the application stores and retrieves client-supplied data without proper handling of dangerous content. An attacker could exploit this by submitting malicious script content to the application, which is then retrieved and executed by other application users. This could lead to attacks such as session hijacking, account takeover, and accessing sensitive data.

Recommendations: For Kentico Xperience CMS versions 13.0 through 13.0.43, update to a version outside of the affected range to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.