Shodan
Vulnerabilities
Vulnerable Software
Sitecore:  Security Vulnerabilities
CVE-2023-33652
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
CVSS Score
8.8
EPSS Score
0.028
Published
2023-06-06
CVE-2023-33653
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.
CVSS Score
8.8
EPSS Score
0.021
Published
2023-06-06
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-05-23
CVE-2023-27067
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx
CVSS Score
7.5
EPSS Score
0.005
Published
2023-05-22
CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-05-22
CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
CVSS Score
7.2
EPSS Score
0.074
Published
2023-03-14
CVE-2021-42237
Known exploited
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
CVSS Score
9.8
EPSS Score
0.944
Published
2021-11-05
CVE-2021-38366
Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an admin/Packages URL.
CVSS Score
8.8
EPSS Score
0.028
Published
2021-08-12
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-05
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved