Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore sitecore vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2017-11439
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
Sitecore Cms 8.2
356
VMScore
CVE-2017-11440
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
Sitecore Cms 8.2
685
VMScore
CVE-2009-4367
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and previous versions allows remote malicious users to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear th...
Sitecore Staging Module
1 EDB exploit
NA
CVE-2023-33652
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
Sitecore Experience Platform 9.3
NA
CVE-2023-33653
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
Sitecore Experience Platform 9.3
355
VMScore
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Sitecore Experience Platform 9.0
1 EDB exploit
435
VMScore
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Sitecore Experience Platform 8.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3