Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Experience_platform
(Sitecore)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-03-14 | CVE-2023-26262 | An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. | Experience_manager, Experience_platform | 7.2 | ||
| 2021-11-05 | CVE-2021-42237 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. | Experience_platform | 9.8 | ||
| 2023-05-22 | CVE-2023-27066 | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | Experience_platform | 6.5 | ||
| 2023-05-22 | CVE-2023-27067 | Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | Experience_platform | 7.5 |