Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore experience platform vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore Experience Platform 7.5
Sitecore Experience Platform 8.0
Sitecore Experience Platform 8.1
Sitecore Experience Platform 8.2
3 Github repositories
7.5
CVSSv3
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows malicious users to bypass authorization rules.
Sitecore Experience Commerce
Sitecore Experience Manager
Sitecore Experience Platform
Sitecore Managed Cloud -
9.8
CVSSv3
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce up to and including 10.3.
Sitecore Experience Platform
Sitecore Managed Cloud
Sitecore Experience Commerce
Sitecore Experience Manager
1 Github repository
7.2
CVSSv3
CVE-2023-26262
An issue exists in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
Sitecore Experience Manager
Sitecore Experience Platform
9.8
CVSSv3
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated malicious user to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSR...
Sitecore Cms
Sitecore Experience Platform
8.8
CVSSv3
CVE-2019-11080
Sitecore Experience Platform (XP) before 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Sitecore Experience Platform
1 EDB exploit
6.5
CVSSv3
CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and previous versions allows authenticated remote malicious users to download arbitrary files via Urlhandle.
Sitecore Experience Platform
7.5
CVSSv3
CVE-2023-27067
Directory Traversal vulnerability in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to download arbitrary files via crafted command to download.aspx
Sitecore Experience Platform
9.8
CVSSv3
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to run arbitrary code via ValidationResult.aspx.
Sitecore Experience Platform
6.1
CVSSv3
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Sitecore Experience Platform 8.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »