HTML Injection Vulnerability in Kentico Xperience by Kentico
CVE-2022-50684

5.1MEDIUM

Key Information:

Vendor: Kentico
Status: Xperience
Vendor: CVE Published:; 18 December 2025

What is CVE-2022-50684?

In Kentico Xperience, an HTML injection vulnerability has been identified that allows attackers to inject malicious HTML content into form submission emails. This occurs through unencoded form fields, which can lead to HTML content execution within the email clients of recipients. The potential risk includes compromise of email security, making it essential for users of affected versions to apply necessary patches and updates to mitigate this issue.

Affected Version(s)

Xperience 0 <= 13.0.71

References

https://devnet.kentico.com/download/hotfixes

vendor-advisorypatch

https://www.vulncheck.com/advisories/kentico-xperience-fo...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Dec 17, 2025

Credit

Liam Goldfinch (NetConstruct)

JSON