PT-2025-52299 · Kentico · Kentico Xperience

Ataberk Yavuzer · Published 2025-12-18 · Updated 2025-12-19 · CVE-2020-36891

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Kentico Xperience (affected versions not specified)

Description

A stored cross-site scripting issue exists in Kentico Xperience. Attackers can upload files with a manipulated Content-Type that does not align with the file extension. Uploading files with spoofed MIME types in this way lets attackers place malicious files on the system, leading to the execution of malicious scripts in the browsers of users.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
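
A server-side check for the Content-Type/extension mismatch described above, as an added example (not Kentico code and not taken from the advisory). The allowlist, the function name `check_upload` and the sample uploads are assumptions constructed for illustration.

```python
import os

# Assumed allowlist: extension -> (expected MIME type, leading magic bytes).
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".gif": ("image/gif", b"GIF8"),
    ".pdf": ("application/pdf", b"%PDF-"),
}

def check_upload(filename, declared_type, data):
    """Return (accepted, reason, response_headers) for one uploaded file."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowlisted", {}
    expected_type, magic = ALLOWED[ext]
    # Drop parameters such as "; charset=utf-8" before comparing.
    declared = (declared_type or "").split(";", 1)[0].strip().lower()
    if declared != expected_type:
        return False, "declared type does not match extension", {}
    # The client controls both name and header, so also check the bytes.
    if not data.startswith(magic):
        return False, "content does not match extension", {}
    # Serve with the type derived from the extension, never the declared
    # one, and tell the browser not to sniff a different type.
    headers = {
        "Content-Type": expected_type,
        "X-Content-Type-Options": "nosniff",
    }
    return True, "ok", headers

# Constructed sample uploads (placeholder bytes, not real files).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
MARKUP = b"<!doctype html><p>placeholder</p>"
SAMPLES = [
    ("logo.png", "image/png", PNG),       # consistent: accepted
    ("logo.png", "text/html", PNG),       # spoofed Content-Type
    ("logo.png", "image/png", MARKUP),    # markup behind an image name
    ("page.html", "image/png", MARKUP),   # extension not allowlisted
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        ok, reason, _ = check_upload(name, ctype, body)
        print(f"{name:10} {ctype:10} -> {'accept' if ok else 'reject'} ({reason})")
```
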

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-36891

Affected Products

Kentico Xperience