VDB
CVE-2025-2748
CVE-2025-2748
PUBLISHED
CVSS 6.099999904632568 MEDIUM
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.
EPSS 0.54% · 68.1th percentile
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.54%
68.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kentico | Xperience | 0, 0 |
| kentico | xperience | 0, 0, 0 |
Exploit Intelligence
- (crowdsec)
- (crowdsec)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS (github-poc)
- CIRCL seen: CVE-2025-2748 (circl-sighting)
…and 89 more exploits
Timeline
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 20, 1970 CrowdSec Sighting
- Jan 21, 1970 VulnCheck XDB Entry
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Jan 21, 1970 CrowdSec Sighting
- Nov 26, 2021 CrowdSec Sighting
References
- https://devnet.kentico.com/download/hotfixes vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-2748 advisory