exploitDog

CVE-2025-2748

Опубликовано: 24 мар. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.

Ссылки

https://devnet.kentico.com/download/hotfixes
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 13.0.178 (включая)

EPSS

Процентиль: 48%

0.00251

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-fx68-23vp-xpxr

CVSS3: 6.5

github

11 месяцев назад

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.

EPSS

Процентиль: 48%

0.00251

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79