CVE-2021-43991 - OpenCVE

Vendors	Products
Kentico	Xperience

Link	Providers
https://appcheck-ng.com/persistent-xss-kentico-cms/

{"containers": {"cna": {"affected": [{"product": "Kentico Xperience XMS", "vendor": "Kentico", "versions": [{"lessThan": "13.0.43", "status": "affected", "version": "13.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The Kentico Xperience CMS version 13.0 \u2013 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-03T14:42:31", "orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae", "shortName": "AppCheck"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://appcheck-ng.com/persistent-xss-kentico-cms/"}], "source": {"discovery": "EXTERNAL"}, "title": "Persistent XSS via Avatar Upload in Kentico Xperience CMS", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "info@appcheck-ng.com", "ID": "CVE-2021-43991", "STATE": "PUBLIC", "TITLE": "Persistent XSS via Avatar Upload in Kentico Xperience CMS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kentico Xperience XMS", "version": {"version_data": [{"version_affected": "<", "version_name": "13.0", "version_value": "13.0.43"}]}}]}, "vendor_name": "Kentico"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Kentico Xperience CMS version 13.0 \u2013 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://appcheck-ng.com/persistent-xss-kentico-cms/", "refsource": "MISC", "url": "https://appcheck-ng.com/persistent-xss-kentico-cms/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:17.117Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://appcheck-ng.com/persistent-xss-kentico-cms/"}]}]}, "cveMetadata": {"assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae", "assignerShortName": "AppCheck", "cveId": "CVE-2021-43991", "datePublished": "2021-12-03T14:42:31", "dateReserved": "2021-11-17T00:00:00", "dateUpdated": "2024-08-04T04:10:17.117Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*", "matchCriteriaId": "61F1E304-095F-41D0-B6CC-D97E8A035C97", "versionEndIncluding": "13.0.43", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Kentico Xperience CMS version 13.0 \u2013 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data."}, {"lang": "es", "value": "Kentico Xperience CMS versi\u00f3n 13.0 - 13.0.43, es vulnerable a una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente (tambi\u00e9n se conoce como Stored o Second-Order XSS). Las vulnerabilidades de tipo XSS persistentes se producen cuando la aplicaci\u00f3n almacena y recupera los datos suministrados por el cliente sin administrar apropiadamente el contenido peligroso. Este tipo de vulnerabilidad de tipo XSS es explotada al enviar contenido de script malicioso a la aplicaci\u00f3n que luego es recuperado y ejecutado por otros usuarios de la aplicaci\u00f3n. El atacante podr\u00eda aprovechar esto para realizar una serie de ataques contra usuarios de la aplicaci\u00f3n afectada, como el secuestro de la sesi\u00f3n, la toma de la cuenta y el acceso a datos confidenciales"}], "id": "CVE-2021-43991", "lastModified": "2021-12-06T15:46:42.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "info@appcheck-ng.com", "type": "Secondary"}]}, "published": "2021-12-03T15:15:08.410", "references": [{"source": "info@appcheck-ng.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://appcheck-ng.com/persistent-xss-kentico-cms/"}], "sourceIdentifier": "info@appcheck-ng.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "info@appcheck-ng.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object