Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore experience manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows malicious users to bypass authorization rules.
Sitecore Experience Commerce
Sitecore Experience Manager
Sitecore Experience Platform
Sitecore Managed Cloud -
NA
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce up to and including 10.3.
Sitecore Experience Platform
Sitecore Managed Cloud
Sitecore Experience Commerce
Sitecore Experience Manager
1 Github repository
NA
CVE-2023-26262
An issue exists in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
Sitecore Experience Manager
Sitecore Experience Platform
355
VMScore
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Sitecore Experience Platform 9.0
1 EDB exploit
435
VMScore
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Sitecore Experience Platform 8.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started