CVE-2022-50685
Severity CVSS v4.0:
MEDIUM
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
18/12/2025
Last modified:
18/12/2025
Description
A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers.
Impact
Base Score 4.0
5.10
Severity 4.0
MEDIUM
Base Score 3.x
4.60
Severity 3.x
MEDIUM