CVE-2021-43991

The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data.

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://appcheck-ng.com/persistent-xss-kentico-cms/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

History

06 Dec 2021, 15:46

Type	Values Removed	Values Added
CPE		cpe:2.3:a:kentico:xperience::::::::
References	~~(MISC) https://appcheck-ng.com/persistent-xss-kentico-cms/ -~~	(MISC) https://appcheck-ng.com/persistent-xss-kentico-cms/ - Exploit, Third Party Advisory
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.5 v3 : 5.4

03 Dec 2021, 15:36

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-03 15:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-43991

Mitre link : CVE-2021-43991

CVE.ORG link : CVE-2021-43991

JSON object : View

Products Affected

kentico

xperience

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-43991", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "info@appcheck-ng.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}]}, "published": "2021-12-03T15:15:08.410", "references": [{"url": "https://appcheck-ng.com/persistent-xss-kentico-cms/", "tags": ["Exploit", "Third Party Advisory"], "source": "info@appcheck-ng.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "info@appcheck-ng.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Kentico Xperience CMS version 13.0 \u2013 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data."}, {"lang": "es", "value": "Kentico Xperience CMS versi\u00f3n 13.0 - 13.0.43, es vulnerable a una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente (tambi\u00e9n se conoce como Stored o Second-Order XSS). Las vulnerabilidades de tipo XSS persistentes se producen cuando la aplicaci\u00f3n almacena y recupera los datos suministrados por el cliente sin administrar apropiadamente el contenido peligroso. Este tipo de vulnerabilidad de tipo XSS es explotada al enviar contenido de script malicioso a la aplicaci\u00f3n que luego es recuperado y ejecutado por otros usuarios de la aplicaci\u00f3n. El atacante podr\u00eda aprovechar esto para realizar una serie de ataques contra usuarios de la aplicaci\u00f3n afectada, como el secuestro de la sesi\u00f3n, la toma de la cuenta y el acceso a datos confidenciales"}], "lastModified": "2021-12-06T15:46:42.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61F1E304-095F-41D0-B6CC-D97E8A035C97", "versionEndIncluding": "13.0.43", "versionStartIncluding": "13.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "info@appcheck-ng.com"}