Published: 19/03/2017 Updated: 21/03/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sitecore experience platform 8.1

# Exploit Title: Stored Cross Site Scripting (XSS) in Sitecore Experience Platform 81 Update-3 # Date: March 15, 2017 # Exploit Author: Pralhad Chaskar # Vendor Homepage: wwwsitecorenet/en # Version: 81 rev 160519 # Tested on: Sitecore Experience Platform 81 Update-3 ie; 81 rev 160519 # CVE : CVE-2016-8855 Vendor Description ----- ...

Sitecore Experience Platform version 81 Update-3 suffers from a cross site scripting vulnerability ...

CWE-79 https://www.exploit-db.com/exploits/41618/https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html https://nvd.nist.gov https://www.exploit-db.com/exploits/41618/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-8855

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect