{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50683","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-17T16:54:12.491Z","datePublished":"2025-12-18T19:53:28.675Z","dateUpdated":"2025-12-30T14:09:07.856Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-12-30T14:09:07.856Z"},"datePublic":"2022-06-24T00:00:00.000Z","title":"Kentico Xperience <= 13.0.74 Form Configuration Stored XSS","descriptions":[{"lang":"en","value":"A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79","type":"CWE"}]}],"affected":[{"vendor":"Kentico","product":"Xperience","versions":[{"version":"0","status":"affected","versionType":"custom","lessThanOrEqual":"13.0.74"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://devnet.kentico.com/download/hotfixes","name":"Kentico DevNet Hotfixes","tags":["vendor-advisory","patch"]},{"name":"VulnCheck Advisory: Kentico Xperience <= 13.0.74 Form Configuration Stored XSS","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/kentico-xperience-form-configuration-stored-xss"}],"credits":[{"lang":"en","value":"Kentico Security Team","type":"finder"}],"x_generator":{"engine":"vulncheck"},"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*","versionEndIncluding":"13.0.74","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-18T21:06:58.751614Z","id":"CVE-2022-50683","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T21:47:38.875Z"}}]}}