Security advisory 2024-12-05

Reflected cross-site scripting (XSS) attack via logger endpoint

CVSS: 6.9
Affected versions: 22.0.0 - 29.7.3
Category: XSS

Summary

The kenticoactivitylogger endpoint was vulnerable to reflected cross-site scripting (XSS) attacks due to improper input validation of the request parameters. To eliminate this vulnerability, additional validation was added to the logger endpoint.

How to fix

Update to the latest version. See Update Xperience by Kentico projects for detailed instructions.
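
To review web server access logs for requests to the kenticoactivitylogger endpoint whose parameters carried HTML markup, the following sketch can be used. It is an added example, not code from Kentico or from this advisory. The access-log format, the request paths, the parameter names and the set of flagged characters are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint name taken from the advisory; matched case-insensitively in the path.
ENDPOINT = "kenticoactivitylogger"
# Assumption: characters that let a reflected value leave its HTML/script context.
# Quotes can occur in legitimate values, so treat hits as leads to review.
SUSPICIOUS = re.compile(r"[<>\"'`]")
# Request portion of a common/combined access-log entry (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; paths and parameter names are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Dec/2024:10:00:01 +0000] "GET /placeholder/KenticoActivityLogger/placeholder.js?p1=home&p2=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Dec/2024:10:00:05 +0000] "GET /placeholder/KenticoActivityLogger/placeholder.js?p1=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [05/Dec/2024:10:00:09 +0000] "GET /placeholder/KenticoActivityLogger/placeholder.js?p1=%253Cb%253E HTTP/1.1" 200 530',
    '203.0.113.9 - - [05/Dec/2024:10:00:12 +0000] "GET /search?q=%3Cb%3E HTTP/1.1" 200 99',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so double-encoded markup is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for logger-endpoint requests carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if ENDPOINT not in parts.path.lower():
        return []  # only the endpoint named in the advisory is in scope
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl has already decoded once
        if SUSPICIOUS.search(decoded) or SUSPICIOUS.search(fully_decode(name)):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one flagged parameter."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG):
        print(line_no, hits)
```

Matches show that markup was sent to the endpoint, not that it was reflected or executed; responses served by versions in the affected range are the ones to examine further.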