Unrated severityNVD Advisory· Published Mar 24, 2025· Updated Dec 27, 2025
Kentico Xperience stored cross-site scripting in multiple-file upload functionality
CVE-2025-2748
Description
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- devnet.kentico.com/download/hotfixesmitrevendor-advisorypatch
News mentions
0No linked articles in our index yet.