{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-58319","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-17T16:51:11.810Z","datePublished":"2025-12-18T19:53:37.996Z","dateUpdated":"2025-12-30T14:09:12.871Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-12-30T14:09:12.871Z"},"datePublic":"2024-08-29T00:00:00.000Z","title":"Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS","descriptions":[{"lang":"en","value":"A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","cweId":"CWE-79","type":"CWE"}]}],"affected":[{"vendor":"Kentico","product":"Xperience","versions":[{"version":"0","status":"affected","versionType":"custom","lessThanOrEqual":"13.0.160"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.1,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://devnet.kentico.com/download/hotfixes","name":"Kentico DevNet Hotfixes","tags":["vendor-advisory","patch"]},{"name":"VulnCheck Advisory: Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/kentico-xperience-pages-dashboard-widget-reflected-xss"}],"credits":[{"lang":"en","value":"Bank of Ayudhya","type":"finder"}],"x_generator":{"engine":"vulncheck"},"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*","versionEndIncluding":"13.0.160","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-18T20:16:42.368745Z","id":"CVE-2024-58319","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-18T21:19:06.462Z"}}]}}