Security Advisory

CVE-2020-36891

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-18 19:53:26

Last updated 2025-12-30 14:09:07

Assigner VulnCheck

State PUBLISHED

Description

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute in users browsers.

← Browse all CVEs View on cve.org ↗