
Description

A CRLF injection vulnerability in Kentico Xperience allows attackers to manipulate URL query string redirects via improper encoding in the routing engine. This could enable header injection and potentially facilitate further web application attacks.

Status: PUBLISHED | Reserved 2025-12-17 | Published 2025-12-18 | Updated 2025-12-18 | Assigner: VulnCheck
MEDIUM: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)
MEDIUM: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Problem types

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Product status

Any version: affected

Credits

Tom Waldman (finder)

References

devnet.kentico.com/download/hotfixes (Kentico DevNet Hotfixes) [vendor-advisory, patch]

www.vulncheck.com/...xperience-routing-engine-crlf-injection (VulnCheck Advisory: Kentico Xperience <= 13.0.79 Routing Engine CRLF Injection) [third-party-advisory]

cve.org (CVE-2022-50682)

nvd.nist.gov (CVE-2022-50682)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.