CVE-2023-53736

5.4 MEDIUM

📋 TL;DR

This reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts into the administration interface. Attackers can execute arbitrary scripts within the administrative context, potentially compromising administrative sessions and functionality. Only authenticated users with administrative access are affected.

💻 Affected Systems

Products:
  • Kentico Xperience
Versions: Specific versions not detailed in provided references, but hotfixes are available
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the administration interface, requires authenticated access


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could hijack administrative sessions, steal credentials, perform administrative actions on behalf of legitimate users, or pivot to other systems.

🟠 Likely Case

Attackers with authenticated access could steal session cookies, perform limited administrative actions, or deface the administration interface.

🟢 If Mitigated

With proper input validation and output encoding, the risk is limited to authenticated users who would need to be tricked into clicking malicious links.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the administration interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kentico hotfixes for specific version

Vendor Advisory: https://devnet.kentico.com/download/hotfixes

Restart Required: Yes

Instructions:

1. Download the appropriate hotfix from Kentico DevNet.
2. Apply the hotfix according to Kentico documentation.
3. Restart the application.
4. Verify the fix by testing the affected functionality.

🔧 Temporary Workarounds

Input Validation Enhancement (all)

Implement additional input validation and output encoding for administration interface parameters

Content Security Policy (all)

Implement strict Content Security Policy headers to limit script execution

🧯 If You Can't Patch

  • Restrict administrative access to trusted networks only
  • Implement web application firewall rules to detect and block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Test administration interface parameters for XSS vulnerabilities using safe payloads like <script>alert('test')</script>

Check Version:

Check Kentico administration interface for version information or review web.config files

Verify Fix Applied:

After applying the hotfix, retest the previously vulnerable parameters to confirm XSS payloads are properly sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual parameter values in administration interface requests
  • Script tags or JavaScript in URL parameters

Network Indicators:

  • HTTP requests with suspicious script content in query parameters

SIEM Query:

source="web_server" AND (url="*<script*" OR url="*javascript:*") AND url="*/admin/*"
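The SIEM query above matches only literal `<script` and `javascript:` strings, so a URL-encoded request (`%3Cscript`) would not trigger it. The following added example (not part of the advisory; the log lines are constructed) applies the same markers to administration-interface requests after URL-decoding the path, so encoded and double-encoded variants are also flagged:

```python
from urllib.parse import unquote
import re

# Constructed Common Log Format lines for illustration only (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - admin [10/Oct/2023:13:55:36 +0000] "GET /admin/Pages.aspx?id=42 HTTP/1.1" 200 5120
10.0.0.7 - admin [10/Oct/2023:13:56:01 +0000] "GET /admin/Search.aspx?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3010
10.0.0.9 - - [10/Oct/2023:13:57:12 +0000] "GET /public/page?q=%3Cscript%3E HTTP/1.1" 200 800
10.0.0.7 - admin [10/Oct/2023:13:58:40 +0000] "GET /admin/Edit.aspx?url=javascript:alert(1) HTTP/1.1" 200 2048
"""

# Extract the request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Same markers as the advisory's SIEM query, applied after decoding.
XSS_MARKERS = re.compile(r"<script|javascript:", re.IGNORECASE)


def normalize_url(url: str, rounds: int = 2) -> str:
    """URL-decode up to `rounds` times so %3C and %253C both become '<'."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def find_admin_xss_attempts(log_text: str, admin_prefix: str = "/admin/") -> list[dict]:
    """Return requests to the admin path whose decoded URL carries an XSS marker.

    `admin_prefix` is an assumed path; adjust it to the deployment's admin URL.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw = m.group(1)
        url = normalize_url(raw)
        if admin_prefix in url.lower() and XSS_MARKERS.search(url):
            hits.append({"raw_url": raw, "decoded_url": url, "line": line})
    return hits


if __name__ == "__main__":
    for hit in find_admin_xss_attempts(SAMPLE_LOG):
        print(hit["decoded_url"])
```

The third sample line carries the same encoded payload but targets a non-admin path, so it is deliberately not reported.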
