Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce up to and including 10.3.
Sitecore Experience Platform
Sitecore Managed Cloud
Sitecore Experience Commerce
Sitecore Experience Manager
1 Github repository
9.8
CVSSv3
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to run arbitrary code via ValidationResult.aspx.
Sitecore Experience Platform
9.8
CVSSv3
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore Experience Platform 7.5
Sitecore Experience Platform 8.0
Sitecore Experience Platform 8.1
Sitecore Experience Platform 8.2
3 Github repositories
9.8
CVSSv3
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated malicious user to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSR...
Sitecore Cms
Sitecore Experience Platform
9.8
CVSSv3
CVE-2019-12440
The Sitecore Rocks plugin prior to 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
Sitecore Rocks
8.8
CVSSv3
CVE-2023-33653
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
Sitecore Experience Platform 9.3
8.8
CVSSv3
CVE-2023-33652
Sitecore Experience Platform (XP) v9.3 exists to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
Sitecore Experience Platform 9.3
8.8
CVSSv3
CVE-2021-38366
Sitecore up to and including 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
Sitecore Sitecore
8.8
CVSSv3
CVE-2019-11080
Sitecore Experience Platform (XP) before 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Sitecore Experience Platform
1 EDB exploit
8.8
CVSSv3
CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore up to and including 9.1 allows an authenticated malicious user to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
Sitecore Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »