Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore sitecore vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and previous versions allows authenticated remote malicious users to download arbitrary files via Urlhandle.
Sitecore Experience Platform
7.5
CVSSv3
CVE-2023-27067
Directory Traversal vulnerability in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to download arbitrary files via crafted command to download.aspx
Sitecore Experience Platform
9.8
CVSSv3
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to run arbitrary code via ValidationResult.aspx.
Sitecore Experience Platform
6.1
CVSSv3
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Sitecore Experience Platform 8.1
1 EDB exploit
5.4
CVSSv3
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Sitecore Experience Platform 9.0
1 EDB exploit
8.8
CVSSv3
CVE-2023-33652
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
Sitecore Experience Platform 9.3
8.8
CVSSv3
CVE-2023-33653
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
Sitecore Experience Platform 9.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3