Vulnerabilities > Kentico > Xperience > 13.0.168
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-06 | CVE-2025-32370 | Unrestricted Upload of File with Dangerous Type vulnerability in Kentico Xperience. Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. | 9.8 |
2025-04-06 | CVE-2025-32369 | Cross-site Scripting vulnerability in Kentico Xperience. Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature. | 5.4 |