Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sitecore vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore Experience Platform 7.5
Sitecore Experience Platform 8.0
Sitecore Experience Platform 8.1
Sitecore Experience Platform 8.2
3 Github repositories
9
CVSSv2
CVE-2019-11080
Sitecore Experience Platform (XP) before 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
Sitecore Experience Platform
1 EDB exploit
7.8
CVSSv2
CVE-2018-7669
An issue exists in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an malicious user to access arbitrary files from the host Operating System using a sitecore/shell/def...
Sitecore Sitecore.net 8.1
Sitecore Sitecore.net
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated malicious user to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSR...
Sitecore Cms
Sitecore Experience Platform
7.5
CVSSv2
CVE-2019-12440
The Sitecore Rocks plugin prior to 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.
Sitecore Rocks
6.8
CVSSv2
CVE-2021-38366
Sitecore up to and including 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
Sitecore Sitecore
6.8
CVSSv2
CVE-2009-4367
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and previous versions allows remote malicious users to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear th...
Sitecore Staging Module
1 EDB exploit
6.5
CVSSv2
CVE-2019-9875
Deserialization of Untrusted Data in the anti CSRF module in Sitecore up to and including 9.1 allows an authenticated malicious user to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
Sitecore Cms
6.5
CVSSv2
CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackag...
Sitecore Crm 8.1
4.3
CVSSv2
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes...
Sitecore Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »