Stored Cross-Site Scripting in Kentico Xperience by Kentico
CVE-2025-5591

7.7HIGH

Key Information:

Vendor: Kentico
Status: Kentico Xperience
Vendor: CVE Published:; 5 January 2026

What is CVE-2025-5591?

Kentico Xperience 13 is susceptible to a stored cross-site scripting (XSS) vulnerability through a form component. This flaw enables attackers to inject malicious scripts that can be executed in the context of a victim user's browser, effectively allowing session hijacking. Consequently, an attacker can perform unauthorized actions on behalf of the victim, compromising their account and data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kentico Xperience 13.0.167

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 5, 2026
Vulnerability Reserved
Jun 4, 2025

Credit

Michael Nervo

JSON

Kentico

What is CVE-2025-5591?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.