Vulnerability Details CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.104
EPSS Ranking 92.9%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-26262
-
cpe:2.3:a:sitecore:experience_manager:10.1
-
cpe:2.3:a:sitecore:experience_manager:10.2
-
cpe:2.3:a:sitecore:experience_manager:10.3
-
cpe:2.3:a:sitecore:experience_manager:8.0
-
cpe:2.3:a:sitecore:experience_manager:9.0
-
cpe:2.3:a:sitecore:experience_manager:9.1
-
cpe:2.3:a:sitecore:experience_manager:9.2
-
cpe:2.3:a:sitecore:experience_manager:9.3
-
cpe:2.3:a:sitecore:experience_platform:10.0
-
cpe:2.3:a:sitecore:experience_platform:10.1
-
cpe:2.3:a:sitecore:experience_platform:10.2
-
cpe:2.3:a:sitecore:experience_platform:7.5
-
cpe:2.3:a:sitecore:experience_platform:8.0
-
cpe:2.3:a:sitecore:experience_platform:8.1
-
cpe:2.3:a:sitecore:experience_platform:8.2
-
cpe:2.3:a:sitecore:experience_platform:9.0
-
cpe:2.3:a:sitecore:experience_platform:9.1
-
cpe:2.3:a:sitecore:experience_platform:9.1.1
-
cpe:2.3:a:sitecore:experience_platform:9.2
-
cpe:2.3:a:sitecore:experience_platform:9.3