CVE-2025-32369

MEDIUM

Kentico Xperience < 13.0.181 - Authenticated Stored Cross-Site Scripting via Media Library File Upload

Title source: llm
STIX 2.1

Description

Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature.

Scores

CVSS v3 6.4
EPSS 0.0025
EPSS Percentile 16.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
kentico/xperience < 13.0.181
Published Apr 06, 2025
Tracked Since Feb 18, 2026