Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2009-4367
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and previous versions allows remote malicious users to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear th...
Sitecore Staging Module
1 EDB exploit
3.5
CVSSv2
CVE-2017-11439
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
Sitecore Cms 8.2
4
CVSSv2
CVE-2017-11440
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
Sitecore Cms 8.2
4.3
CVSSv2
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Sitecore Experience Platform 8.1
1 EDB exploit
3.5
CVSSv2
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Sitecore Experience Platform 9.0
1 EDB exploit
NA
CVE-2023-33652
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
Sitecore Experience Platform 9.3
NA
CVE-2023-33653
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
Sitecore Experience Platform 9.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3