Vulnerabilities for 'Experience platform'

2021-11-05
 
CVE-2021-42237

CWE-502
 

 
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.

 
2019-07-17
 
CVE-2019-13493

CWE-79
 

 
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.

 
2017-03-19
 
CVE-2016-8855

 

 
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.

 



Copyright 2024, cxsecurity.com

 
