Shodan
Vulnerabilities
Vulnerable Software
Sitecore:  >> Cms  >> 7.2  Security Vulnerabilities
CVE-2019-11198
Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-05
CVE-2019-9874
Known exploited
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
CVSS Score
9.8
EPSS Score
0.184
Published
2019-05-31
CVE-2019-9875
Known exploited
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
CVSS Score
8.8
EPSS Score
0.119
Published
2019-05-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved