CVE-2020-36889

Name of the Vulnerable Software and Affected Versions Kentico Xperience (affected versions not specified)

Description A stored cross-site scripting issue exists in Kentico Xperience. Attackers can inject malicious scripts through error messages that contain specially crafted object names. This allows the execution of malicious scripts in the browsers of users when administrators view these error messages within the administration interface. The issue involves the injection of scripts via error messages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.