Lucene search
K

7 matches found

Nuclei
Nuclei
added yesterday41 views

Kentico Xperience CMS - Unauthenticated Stored XSS

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. id: CVE-2025-2748 info: name: Kentico Xperience CMS - Unauthenticated Stored XSS author...

6.1CVSS7.1AI score0.59066EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/03/26 7:15 p.m.10 views

CVE-2025-2748

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178...

6.5CVSS7.1AI score0.59066EPSS
Exploits2References1
Circl
Circl
added 2025/03/24 10:35 p.m.29 views

CVE-2025-2748

creationtimestamp| type| source ---|---|--- 2025-03-24 22:35:05+00:00| seen| https://t.me/cvedetector/20993 2025-03-24 22:39:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ll5t66rlpk2e 2025-04-01 10:13:14+00:00| seen|...

6.1CVSS8.8AI score0.59066EPSS
Exploits2References22
OSV
OSV
added 2025/03/24 7:15 p.m.4 views

CVE-2025-2748

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178...

6.1CVSS7.5AI score0.59066EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/03/24 6:22 p.m.14 views

CVE-2025-2748 Kentico Xperience stored cross-site scripting in multiple-file upload functionality

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178...

6.1CVSS7AI score0.59066EPSS
Exploits2References1
CVE
CVE
added 2025/03/24 6:22 p.m.126 views

CVE-2025-2748

CVE-2025-2748 affects Kentico Xperience up to version 13.0.178. The vulnerability is an unauthenticated stored XSS caused by insufficient validation/filtering of files uploaded via the multiple-file upload feature. Remediation: upgrade to Kentico Xperience 13.0.179 or later (patches addressing th...

6.1CVSS7AI score0.59066EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2025/03/24 6:22 p.m.36 views

CVE-2025-2748 Kentico Xperience stored cross-site scripting in multiple-file upload functionality

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178...

6.1CVSS0.59066EPSS
Exploits2References1
Rows per page
Query Builder