CVE-2025-32369

Medium CVSS: 6.4

Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.

Vendor

Kentico

Product

Xperience

CWE

CWE-79

Yayın Tarihi

2025-04-06 06:15:15

Güncelleme

2025-04-08 17:27:42

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Xperience MEDIUM Kentico 2025

Referanslar

https://devnet.kentico.com/download/hotfixes https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/

Benzer Kayıtlar

High

CVE-2025-5591

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to…

Medium

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form v…

Medium

CVE-2024-58322

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious code into shipping…

Medium

CVE-2024-58323

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Ch…

Medium

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when sett…

Medium

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the ri…