CVE-2020-36891 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. A…
Medium CVSS: 5.1

CVE-2020-36891

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute in users' browsers.
Vendor
Kentico
Product
Xperience
CWE
CWE-79
Yayın Tarihi
2025-12-18 20:15:49
Güncelleme
2025-12-27 17:15:40
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-79 Xperience MEDIUM Kentico 2025

Referanslar

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-file-upload-stored-xss