[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"vulnerability-26950":17,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":45},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},{"id":18,"detectable_with":19,"vuln_details":26,"vuln_id":42,"name":43,"published":44,"updated":27},26950,{"tool":20,"engine":23},{"id":21,"name":22},1,"Network Scanner",{"id":24,"name":25},2,"Nuclei",{"id":18,"codename":27,"description":27,"severity":28,"risk_description":29,"public_description":30,"public_recommendation":31,"recommendation":27,"references":32,"cvssv3":35,"epss_score":36,"epss_percentile":37,"cve":38,"in_cisa_catalog":40,"date":41,"software_type":27,"vendor":27,"product":27,"ptt_exploit_capabilities":27},null,"medium","Unauthenticated attackers can upload malicious SVG files containing JavaScript payloads that persist on the server, allowing stored XSS attacks when the files are accessed by authenticated users.","The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.","Upgrade to Kentico Xperience version 13.0.179 or later that properly validates and sanitizes uploaded files.",[33,34],"https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/","https://devnet.kentico.com/download/hotfixes",6.5,0.00192,0.41145,[39],"CVE-2025-2748",false,"2025-03-24T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2025-2748","Kentico Xperience CMS - Unauthenticated Stored XSS","2025-04-02T00:00:00Z",["Island",46],{"key":47,"params":48,"result":50},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":49},"{\"text-color\":\"gray\"}",{"head":51},{}]