What is CVE-2021-47711?

CVE-2021-47711 is a high-severity vulnerability in Kentico Xperience, classified under SQL Injection. CVSS score: 8.8/10. Published 2025-12-18.

How severe is CVE-2021-47711?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Kentico Xperience

CVE-2021-47711

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by expl…

Vulnerability class: SQL Injection

EPSS: 0.000 (10.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Kentico Xperience — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

Kentico DevNet Hotfixes (vendor-advisory, patch)
VulnCheck Advisory: Kentico Xperience <= 13.0.52 Online Marketing Macros SQL Injection (third-party-advisory)

Frequently asked questions

What is CVE-2021-47711?: CVE-2021-47711 is a high-severity vulnerability in Kentico Xperience, classified under SQL Injection. CVSS score: 8.8/10. Published 2025-12-18.
How severe is CVE-2021-47711?: High severity. CVSS v3 base score is 8.8 out of 10.