Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore experience platform 8.2 vulnerabilities and exploits
(subscribe to this query)
891
VMScore
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore Experience Platform 7.5
Sitecore Experience Platform 8.0
Sitecore Experience Platform 8.1
Sitecore Experience Platform 8.2
3 Github repositories
NA
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce up to and including 10.3.
Sitecore Experience Platform
Sitecore Managed Cloud
Sitecore Experience Commerce
Sitecore Experience Manager
1 Github repository
668
VMScore
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated malicious user to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSR...
Sitecore Cms
Sitecore Experience Platform
435
VMScore
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Sitecore Experience Platform 8.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started