Pavaris Jintanapramoth

**Name of the Vulnerable Software and Affected Versions** Kentico Xperience version 13.0.44 **Description** The issue allows for cross-site scripting (XSS) via an XML document to the Media Libraries subsystem. **Recommendations** For Kentico Xperience version 13.0.44, consider restricting access to the Media Libraries subsystem until a patch is available. As a temporary workaround, avoid using XML documents in this subsystem to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Kentico version 10.0.42 **Description** The issue allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. The vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time. **Recommendations** For Kentico version 10.0.42, consider restricting access to the SMTP configuration page to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the privileges of Global Administrators to prevent them from accessing sensitive information like the cleartext SMTP Password.