Stored Cross-Site Scripting in Kentico Xperience by Kentico
CVE-2025-5591

7.7HIGH

Key Information:

Vendor: Kentico
Status: Kentico Xperience
Vendor: CVE Published:; 5 January 2026

What is CVE-2025-5591?

Kentico Xperience 13 is susceptible to a stored cross-site scripting (XSS) vulnerability through a form component. This flaw enables attackers to inject malicious scripts that can be executed in the context of a victim user's browser, effectively allowing session hijacking. Consequently, an attacker can perform unauthorized actions on behalf of the victim, compromising their account and data.

Affected Version(s)

Kentico Xperience 13.0.167

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 5, 2026
Vulnerability Reserved
Jun 4, 2025

Credit

Michael Nervo

CVE-2025-5591 Data

JSON