Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Vulnerability Type
隐藏功能
Vulnerability Title
Kentico Xperience 安全漏洞
Vulnerability Description
Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience 13.0.178之前版本存在安全漏洞,该漏洞源于允许上传.zip文件可能导致创建其他扩展名的文件。
CVSS Information
N/A
Vulnerability Type
N/A