Discovered by Michael Nervo on behalf of The Missing Link Security
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.
Mitigation: The Missing Link recommends changing Kentico's default configuration as per the vendor's advisory: Reference
The Missing Link acknowledges the Traditional Owners of the land where we work and live. We pay our respects to Elders past, present and emerging. We celebrate the stories, culture and traditions of Aboriginal and Torres Strait Islanders of all communities who also work and live on this land.