Reflected Cross-Site Scripting in Kentico Xperience Affects Authenticated Users
CVE-2023-53738

5.1MEDIUM

Key Information:

Vendor

Kentico

Status
Xperience
Vendor
CVE Published:
18 December 2025

What is CVE-2023-53738?

The vulnerability in Kentico Xperience allows authenticated users to exploit reflected cross-site scripting through malicious page preview URLs. Attackers can execute arbitrary scripts in users' browsers by luring them into interacting with crafted page preview links. Prompt updates and security measures are essential to mitigate potential threats associated with this vulnerability.

Affected Version(s)

Xperience 0 <= 13.0.109

References

https://devnet.kentico.com/download/hotfixes
vendor-advisorypatch
https://www.vulncheck.com/advisories/kentico-xperience-pa...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-53738 : Reflected Cross-Site Scripting in Kentico Xperience Affects Authenticated Users