Security advisory 2024-12-05
Reflected cross-site scripting (XSS) attack via logger endpoint
CVSS: 6.9
Affected versions: 22.0.0 - 29.7.3
Category: XSS
Summary
The kenticoactivitylogger endpoint was vulnerable to reflected cross-site scripting (XSS) attacks because its request parameters were not properly validated. To eliminate this vulnerability, additional validation was added to the logger endpoint.
How to fix
Update to the latest version. See "Update Xperience by Kentico projects" for detailed instructions.