CVE-2025-5591

5.4 MEDIUM

📋 TL;DR

Kentico Xperience 13 contains a stored cross-site scripting vulnerability in a form component that allows attackers to inject malicious scripts. When exploited, this enables session hijacking: the injected script runs in the victim's browser and can perform actions within the victim's security context. Organizations using Kentico Xperience 13 are affected.

💻 Affected Systems

Products:
  • Kentico Xperience
Versions: Version 13
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Kentico Xperience 13 installations with form components enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover leading to data theft, privilege escalation, and unauthorized administrative actions within the application.

🟠 Likely Case

Session hijacking allowing attackers to perform actions as authenticated users, potentially accessing sensitive data and functionality.

🟢 If Mitigated

Limited impact with proper input validation and output encoding, potentially only affecting non-critical functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to submit malicious input through vulnerable form components.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kentico Xperience 13 security updates

Vendor Advisory: https://www.themissinglink.com.au/security-advisories/cve-2025-5591

Restart Required: Yes

Instructions:

1. Check Kentico Xperience documentation for security updates.
2. Apply the latest security patch for version 13.
3. Restart the application services.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Input Validation and Sanitization (all)

Implement server-side input validation and output encoding for all form fields.

Content Security Policy (all)

Implement strict CSP headers to mitigate XSS impact.

🧯 If You Can't Patch

  • Disable or restrict access to vulnerable form components
  • Implement web application firewall rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Test form components for XSS vulnerability by submitting script payloads and checking if they execute

Check Version:

Check Kentico Xperience administration interface for version information

Verify Fix Applied:

Verify that script payloads submitted through forms are properly sanitized and do not execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual form submissions with script tags or JavaScript code
  • Multiple failed login attempts from same session

Network Indicators:

  • HTTP requests containing script payloads in form parameters

SIEM Query:

source="web_logs" AND (form_data CONTAINS "<script>" OR form_data CONTAINS "javascript:")
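The SIEM query above does a literal substring match, so it misses payloads that arrive URL-encoded or in mixed case. The following is an added example, not part of the original advisory or of any Kentico tooling, that applies the same two indicators to constructed sample log lines after decoding each form field once. The log format, field names and IP addresses are assumptions made up for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (made up for this example; not from the
# advisory or from any real Kentico deployment). Assumed format:
# <timestamp> <client-ip> <method> <path> [form_data=<raw urlencoded body>]
SAMPLE_LOG_LINES = [
    "2025-06-01T10:00:01Z 203.0.113.5 POST /contact form_data=name=Alice&message=Hello+there",
    "2025-06-01T10:00:07Z 203.0.113.9 POST /contact form_data=name=Bob&message=%3Cscript%3Etest%3C%2Fscript%3E",
    "2025-06-01T10:00:12Z 203.0.113.9 POST /contact form_data=name=Eve&website=JavaScript%3Avoid(0)",
    "2025-06-01T10:00:20Z 203.0.113.7 GET /index.html",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+)(?: form_data=(?P<form>.*))?$"
)

# The two indicators from the advisory's SIEM query, made case-insensitive and
# tolerant of whitespace so "<SCRIPT" and "JavaScript :" are not missed.
XSS_INDICATOR_RE = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def literal_query_matches(form_data: str) -> bool:
    """Mimics the SIEM query as written: case-sensitive substring match on the
    raw, still URL-encoded body. Kept here only to show what that misses."""
    return "<script>" in form_data or "javascript:" in form_data


def suspicious_fields(form_data: str) -> list:
    """Split the urlencoded body into fields, decode each value once, and return
    the names of the fields whose decoded value carries an XSS indicator."""
    hits = []
    for pair in form_data.split("&"):
        name, _, value = pair.partition("=")
        if XSS_INDICATOR_RE.search(unquote_plus(value)):
            hits.append(unquote_plus(name))
    return hits


def scan_log(lines):
    """Return one alert dict per log line that contains a suspicious form field."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("form") is None:
            continue  # malformed line, or a request without a form body
        fields = suspicious_fields(m.group("form"))
        if fields:
            alerts.append({"ts": m.group("ts"), "ip": m.group("ip"),
                           "path": m.group("path"), "fields": fields})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG_LINES):
        print(alert)
```

On the sample lines, `literal_query_matches` returns False for the encoded `<script>` submission while `suspicious_fields` flags it; decoding is done once per value on purpose, since decoding repeatedly can turn benign text into false positives, and doubly encoded input should be treated as its own indicator rather than silently unwrapped.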
