Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore sitecore vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore up to and including 9.1 allows an authenticated malicious user to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
Sitecore Cms
668
VMScore
CVE-2019-12440
The Sitecore Rocks plugin prior to 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
Sitecore Rocks
383
VMScore
CVE-2014-100004
Cross-site scripting (XSS) vulnerability in Sitecore CMS prior to 7.0 Update-4 (rev. 140120) allows remote malicious users to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information...
Sitecore Cms
383
VMScore
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes...
Sitecore Cms
NA
CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and previous versions allows authenticated remote malicious users to download arbitrary files via Urlhandle.
Sitecore Experience Platform
NA
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to run arbitrary code via ValidationResult.aspx.
Sitecore Experience Platform
356
VMScore
CVE-2017-11440
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
Sitecore Cms 8.2
312
VMScore
CVE-2017-11439
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
Sitecore Cms 8.2
578
VMScore
CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackag...
Sitecore Crm 8.1
356
VMScore
CVE-2017-5966
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
Sitecore Crm 8.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »