Xperience Security Vulnerabilities and Issues — Xperience CVE List

Lucene search

KenticoXperience

3 matches found

CVE•added 2025/04/06 7:15 a.m.•66 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not nec...

9.8CVSS7.1AI score0.01799EPSS

CVE•added 2025/04/06 6:15 a.m.•56 views

CVE-2025-32369

Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.

6.4CVSS6.5AI score0.01799EPSS

CVE•added 2021/12/03 3:15 p.m.•31 views

CVE-2021-43991

The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerou...

6.8CVSS5.5AI score0.00282EPSS