Vulmon
sitecore sitecore vulnerabilities and exploits
435
VMScore
CVE-2009-2163
Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS prior to 6.0.2 Update-1 090507 allows remote malicious users to inject arbitrary web script or HTML via the sc_error parameter.
Sitecore Cms 5.3.0
Sitecore Cms 5.3.1
Sitecore Cms 6.0.1
Sitecore Cms
1 EDB exploit
NA
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows malicious users to bypass authorization rules.
Sitecore Experience Commerce
Sitecore Experience Manager
Sitecore Experience Platform
Sitecore Managed Cloud -
NA
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce up to and including 10.3.
Sitecore Experience Platform
Sitecore Managed Cloud
Sitecore Experience Commerce
Sitecore Experience Manager
1 Github repository
605
VMScore
CVE-2021-38366
Sitecore up to and including 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
Sitecore Sitecore
891
VMScore
CVE-2021-42237
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
Sitecore Experience Platform 7.5
Sitecore Experience Platform 8.0
Sitecore Experience Platform 8.1
Sitecore Experience Platform 8.2
3 Github repositories
785
VMScore
CVE-2018-7669
An issue exists in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing a malicious user to access arbitrary files from the host Operating System using a sitecore/shell/def...
Sitecore Sitecore.net 8.1
Sitecore Sitecore.net
1 EDB exploit
1 Github repository
668
VMScore
CVE-2019-9874
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated malicious user to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSR...
Sitecore Cms
Sitecore Experience Platform
NA
CVE-2023-26262
An issue exists in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server.
Sitecore Experience Manager
Sitecore Experience Platform
356
VMScore
CVE-2009-1055
Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
Sitecore Cms 5.3.0
Sitecore Cms 5.3.1
383
VMScore
CVE-2017-9356
Sitecore.NET 7.1 up to and including 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
Sitecore Sitecore.net 7.2
Sitecore Sitecore.net 7.1