Vulnerability Details CVE-2025-2748
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS. This issue affects Kentico Xperience through 13.0.178.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-2748
- cpe:2.3:a:kentico:xperience:13.0.165
- cpe:2.3:a:kentico:xperience:13.0.166
- cpe:2.3:a:kentico:xperience:13.0.167
- cpe:2.3:a:kentico:xperience:13.0.168
- cpe:2.3:a:kentico:xperience:13.0.169
- cpe:2.3:a:kentico:xperience:13.0.170
- cpe:2.3:a:kentico:xperience:13.0.171
- cpe:2.3:a:kentico:xperience:13.0.172
- cpe:2.3:a:kentico:xperience:13.0.173
- cpe:2.3:a:kentico:xperience:13.0.174
- cpe:2.3:a:kentico:xperience:13.0.175
- cpe:2.3:a:kentico:xperience:13.0.176
- cpe:2.3:a:kentico:xperience:13.0.177
- cpe:2.3:a:kentico:xperience:13.0.178