Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-100004
Cross-site scripting (XSS) vulnerability in Sitecore CMS prior to 7.0 Update-4 (rev. 140120) allows remote malicious users to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information...
Sitecore Cms
6.5
CVSSv2
CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore up to and including 9.1 allows an authenticated malicious user to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
Sitecore Cms
4.3
CVSSv2
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes...
Sitecore Cms
7.5
CVSSv2
CVE-2019-12440
The Sitecore Rocks plugin prior to 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
Sitecore Rocks
6.5
CVSSv2
CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackag...
Sitecore Crm 8.1
4
CVSSv2
CVE-2017-5966
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
Sitecore Crm 8.1
6.8
CVSSv2
CVE-2009-4367
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and previous versions allows remote malicious users to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear th...
Sitecore Staging Module
1 EDB exploit
3.5
CVSSv2
CVE-2017-11439
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
Sitecore Cms 8.2
4
CVSSv2
CVE-2017-11440
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
Sitecore Cms 8.2
NA
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform up to and including 10.2 allows remote malicious users to run arbitrary code via ValidationResult.aspx.
Sitecore Experience Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »