Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/04/08 12:41 a.m.18 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

9.8CVSS7.3AI score0.01412EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2025/04/06 12:0 a.m.9 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

7.2CVSS7AI score0.01412EPSS
Exploits3References2
CVE
CVE
added 2025/04/06 12:0 a.m.84 views

CVE-2025-32370

Kentico Xperience suffers from cross-site scripting vulnerabilities related to file uploads and content handling. The primary CVE entry (CVE-2025-32370) notes that Kentico Xperience before 13.0.178 restricts some ContentUploader extensions for unauthenticated uploads, but .zip processing via TryZ...

9.8CVSS7.1AI score0.01412EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2025/04/06 12:0 a.m.19 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...

7.2CVSS0.01412EPSS
Exploits3References2
Rows per page
Query Builder