CVE-2022-50685

Name of the Vulnerable Software and Affected Versions Kentico Xperience (affected versions not specified)

Description A stored cross-site scripting issue exists in Kentico Xperience. Authenticated users can inject malicious scripts through XML file uploads, specifically when used as page attachments or metafiles. Successful exploitation allows attackers to upload malicious XML files, enabling stored XSS and the execution of malicious scripts in the browsers of other users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.