CVE-2025-2748

Medium CVSS: 6.1

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.

Vendor

Kentico

Product

Xperience

CWE

CWE-79

Yayın Tarihi

2025-03-24 19:15:52

Güncelleme

2025-12-27 17:15:47

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Xperience MEDIUM Kentico 2025

Referanslar

https://devnet.kentico.com/download/hotfixes

Benzer Kayıtlar

High

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to…

Medium

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form v…

Medium

CVE-2024-58322

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping…

Medium

CVE-2024-58323

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Ch…

Medium

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when sett…

Medium

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the ri…