CVE-2024-58322
📋 TL;DR
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious JavaScript into shipping options configuration. This could lead to session hijacking, credential theft, or redirection to malicious sites when users access affected pages. Organizations using vulnerable Kentico Xperience versions with shipping functionality are affected.
💻 Affected Systems
- Kentico Xperience
📦 What is this software?
Xperience by Kentico
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, redirect users to phishing sites, or perform actions on behalf of authenticated users, potentially leading to complete system compromise.
Likely Case
Attackers inject malicious scripts that steal session cookies or user credentials when administrators or users view shipping configuration pages, leading to account takeover.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before execution, preventing successful exploitation.
🎯 Exploit Status
Exploitation requires access to shipping options configuration interface, typically requiring authenticated user privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Kentico hotfix downloads for specific version
Vendor Advisory: https://devnet.kentico.com/download/hotfixes
Restart Required: Yes
Instructions:
1. Download the appropriate hotfix from Kentico DevNet.
2. Back up your Kentico instance.
3. Apply the hotfix according to Kentico's installation instructions.
4. Restart the application server.
5. Verify the fix by testing shipping options functionality.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Implement server-side validation and HTML encoding for shipping options input fields to prevent script injection.
Restrict Access to Configuration
Limit access to shipping options configuration to only the administrative users who need it.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in shipping options parameters
- Disable shipping options functionality if not required for business operations
🔍 How to Verify
Check if Vulnerable:
Test shipping options configuration fields by attempting to inject basic XSS payloads like <script>alert('test')</script> and checking if scripts execute.
Check Version:
Check the Kentico administration interface or web.config for the installed version.
Verify Fix Applied:
After patching, retest XSS payload injection attempts; scripts should be properly encoded and not execute.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to shipping configuration endpoints containing script tags or JavaScript code
- Multiple failed login attempts following shipping configuration changes
Network Indicators:
- Outbound connections to suspicious domains from the Kentico server following shipping configuration updates
SIEM Query:
source="kentico.log" AND ("shipping" AND ("<script>" OR "javascript:"))
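The log indicators above, as an added detection example that is not part of this advisory: a Python scanner over constructed request-log lines (the log layout, the /admin/shipping-options paths and the sample bodies are assumptions, not Kentico's real endpoints) that flags POSTs to shipping endpoints whose URL-decoded body contains a script tag, a javascript: URI or an inline event handler. It decodes repeatedly, so a double-encoded body is caught as well.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines (not from a real Kentico install). Assumed layout:
# "<timestamp> <method> <path> <status> body=<url-encoded form body>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z POST /admin/shipping-options/edit 200 body=name=Standard&price=5.00
2024-05-01T10:00:07Z POST /admin/shipping-options/edit 200 body=name=%3Cscript%3Ex%3C%2Fscript%3E
2024-05-01T10:00:12Z GET /admin/shipping-options 200 body=
2024-05-01T10:00:20Z POST /admin/shipping-options/edit 200 body=name=Express&desc=javascript%3Avoid(0)
2024-05-01T10:00:25Z POST /admin/users/edit 200 body=name=%3Cscript%3E
2024-05-01T10:00:33Z POST /admin/shipping-options/edit 200 body=desc=%253Cscript%253E
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) body=(.*)$")

# Indicators named in the advisory (script tags, JavaScript code); the
# inline-event-handler pattern is a small generalisation of "JavaScript code".
SUSPICIOUS = [
    ("script_tag", re.compile(r"<\s*script", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
]


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until stable so double-encoded bodies are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text: str) -> list[dict]:
    """Return one hit per POST to a shipping endpoint carrying an XSS indicator."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ts, method, path, _status, body = m.groups()
        if method != "POST" or "shipping" not in path.lower():
            continue
        decoded = decode_fully(body)
        for name, rx in SUSPICIOUS:
            if rx.search(decoded):
                hits.append({"line": lineno, "ts": ts, "path": path, "indicator": name})
                break  # one alert per request is enough
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```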