PT-2026-1201 · Kentico · Kentico Xperience 13
Michael Nervo · Published 2026-01-05 · Updated 2026-01-22 · CVE-2025-5591
CVSS v4.0: 7.7 (High)
| Metric | Value |
| --- | --- |
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U |
Name of the Vulnerable Software and Affected Versions
Kentico Xperience version 13
Description
Kentico Xperience 13 is susceptible to a stored cross-site scripting (XSS) attack through a form component. This allows an attacker to hijack a victim user’s session and perform actions with the victim’s permissions. The vulnerability specifically resides in the Checkbox form component of Form Builder. Successful exploitation involves injecting malicious scripts that execute in the victim’s browser.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Related Identifiers
Affected Products
Kentico Xperience 13