Lucene search

KenticoXperience

5 matches found

CVE
added 2025/03/24 7:15 p.m., 89 views

CVE-2025-2748

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS. This issue affects Kentico Xperience through 13.0.178.

CVSS 6.5, AI score 7, EPSS 0.00745

CVE
added 2025/04/06 7:15 a.m., 68 views

CVE-2025-32370

Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not nec...

CVSS 9.8, AI score 7.1, EPSS 0.00745

CVE
added 2025/04/06 6:15 a.m., 57 views

CVE-2025-32369

Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.

CVSS 6.4, AI score 6.5, EPSS 0.00745

CVE
added 2025/03/31 5:15 p.m., 51 views

CVE-2025-2794

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180.

CVSS 7.5, AI score 7.5, EPSS 0.00134

CVE
added 2021/12/03 3:15 p.m., 31 views

CVE-2021-43991

The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerou...

CVSS 6.8, AI score 5.5, EPSS 0.00282