Immonex Kickstart
A Stored Cross-Site Scripting (XSS) vulnerability exists in immonex Kickstart through version 1.13.0, allowing authenticated attackers to inject malicious scripts that persist in the application and execute in the browsers of other users who view the affected content. An attacker with login credentials can craft malicious input that bypasses input sanitization during web page generation, resulting in arbitrary JavaScript execution with access to session cookies, user data, and the ability to perform actions on behalf of victims. While no KEV or widespread exploitation data is available for this CVE, the vulnerability is exploitable with low attack complexity and requires only user interaction (UI click), making it a moderate-to-high priority for organizations running immonex Kickstart.