Kentico Xperience Unauthenticated File Upload Vulnerability Leading to Cross-Site Scripting

Vulnerability

A vulnerability in Kentico Xperience versions prior to 13.0.178 allows unauthenticated file upload through the 'ContentUploader' handler. The handler's default extension whitelist does not include SVG, but it does accept ZIP archives, and the entries extracted from an uploaded archive are not held to the same whitelist. An attacker can therefore plant an SVG containing script on the server, and that script runs in the browser of any user who loads the file from the site's origin: a stored Cross-Site Scripting (XSS) vulnerability. As described in the watchTowr Labs write-up, this XSS can be chained with a separate vulnerability to achieve remote code execution.

Impact

Exploitation yields stored Cross-Site Scripting (XSS): script embedded in the uploaded SVG executes in the browser of any user who requests the file, within the origin of the Kentico site and with that user's session context. Chained with the additional vulnerability referenced above, this can be escalated to remote code execution.

Reproduction

To reproduce this vulnerability, upload a ZIP archive containing an SVG file with embedded script to the 'ContentUploader' handler; the archive passes the extension check and its contents are extracted. Then request the extracted SVG through the 'GetResourceHandler'. Because the browser renders the SVG from the site's own origin, the embedded script executes, confirming the XSS.
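The root cause described above is a whitelist that is applied to the container but not to what comes out of it. The following is an added example, not Kentico code and not the handler's actual logic, that models both checks side by side: the front-door check that lets 'payload.zip' through, and the per-entry inspection an extractor should perform instead. The whitelist, the sample SVG payload and the archive contents are all constructed here for illustration; the real handler's extension list is not reproduced.

```python
"""
Added example (not Kentico code): an upload extension whitelist must be
applied to the entries of an archive, not only to the archive's own name.
"""
import io
import posixpath
import zipfile

# Assumed whitelist for illustration; SVG and nested archives are absent.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}
ARCHIVE_EXTENSIONS = {"zip"}

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

# Constructed sample payload: an SVG that runs script when rendered inline.
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)">'
    b"<script>alert(1)</script></svg>"
)


def build_zip(entries):
    """Build an in-memory ZIP from {entry_name: bytes}; constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def extension_of(name):
    return posixpath.splitext(name)[1].lstrip(".").lower()


def name_is_whitelisted(filename):
    """The container-only check the advisory describes: only the uploaded
    file's own extension is consulted, so 'payload.zip' is accepted even
    though 'payload.svg' would be refused."""
    return extension_of(filename) in ALLOWED_EXTENSIONS | ARCHIVE_EXTENSIONS


def looks_like_svg(content):
    """Content sniff so an SVG renamed to .png is still caught."""
    head = content.lstrip(b"\xef\xbb\xbf \t\r\n")[:1024].lower()
    return head.startswith(b"<svg") or (head.startswith(b"<?xml") and b"<svg" in head)


def inspect_archive(zip_bytes):
    """Return (entry_name, reason) for every entry that must not be extracted.

    Every entry is subjected to the same whitelist as a direct upload, plus
    a path-traversal check, a nested-archive check and a content sniff.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            norm = posixpath.normpath(name)
            if posixpath.isabs(name) or "\\" in name or norm == ".." or norm.startswith("../"):
                findings.append((name, "path escapes extraction root"))
                continue
            ext = extension_of(name)
            if ext in ARCHIVE_EXTENSIONS:
                findings.append((name, "nested archive"))
                continue
            if ext not in ALLOWED_EXTENSIONS:
                findings.append((name, f"extension '{ext}' not whitelisted"))
                continue
            if looks_like_svg(zf.read(info)):
                findings.append((name, "content is SVG despite extension"))
    return findings


if __name__ == "__main__":
    payload = build_zip({"readme.txt": b"constructed sample", "logo.svg": MALICIOUS_SVG})
    print("container check accepts payload.zip:", name_is_whitelisted("payload.zip"))
    print("per-entry inspection finds:", inspect_archive(payload))
```

The content sniff matters because the extension check alone is still bypassable by renaming: a file named 'logo.png' that begins with '<svg' will be served as SVG by any handler that sniffs content type, and by the browser if the response lacks a correct Content-Type. Serving user-supplied SVG from the application's origin at all is the underlying risk; if it cannot be avoided, serve it with a Content-Disposition: attachment header or from a separate origin so that embedded script does not run in the application's context.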

Remediation

Users should upgrade to Kentico Xperience version 13.0.178 or later. Where the upgrade is delayed, confirm that the 'ContentUploader' handler is not reachable by unauthenticated clients, and review existing media storage for SVG files that arrived through archive extraction rather than through a whitelisted direct upload.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 3.8
exploitability: 7.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.