Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://devnet.kentico.com/download/hotfixes |
![]() ![]() |
Mon, 22 Sep 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:* |
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Mon, 24 Mar 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 24 Mar 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | |
Title | Kentico Xperience stored cross-site scripting in multiple-file upload functionality | |
Weaknesses | CWE-434 CWE-79 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2025-03-24T18:34:07.933Z
Reserved: 2025-03-24T16:39:15.399Z
Link: CVE-2025-2748

Updated: 2025-03-24T18:34:01.445Z

Status : Analyzed
Published: 2025-03-24T19:15:52.270
Modified: 2025-09-22T18:51:01.330
Link: CVE-2025-2748

No data.

Updated: 2025-07-12T15:26:07Z