CVE-2025-2748

Medium

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows…

VulnCheck·CWE-79·Published 2025-03-24

CVSS

6.1

EPSS

0.52

KEV

Exploits

Vendor statements (1)

devnet.kentico.com

cve.orgen

209 chars

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.

NVDes

244 chars

La aplicación Kentico Xperience no valida ni filtra completamente los archivos cargados a través de la funcionalidad de carga de múltiples archivos, que permite XSS almacenado. Este problema afecta a Kentico Xperience hasta la versión 13.0.178.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	6.1	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N