CVE-2020-36889

Sažetak

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface.

Reference

https://devnet.kentico.com/download/hotfixes
https://www.vulncheck.com/advisories/kentico-xperience-administration-interface-stored-xss

CVSS

Base:	4.6
Impact:	2.5
Exploitability:	2.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

19-12-2025 - 18:00

Objavljeno

18-12-2025 - 20:15