Shodan
Vulnerabilities
Vulnerable Software
Sitecore:  >> Experience Platform  >> 9.0  Security Vulnerabilities
CVE-2024-46938
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
CVSS Score
7.5
EPSS Score
0.919
Published
2024-09-15
CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
CVSS Score
9.8
EPSS Score
0.935
Published
2023-06-17
CVE-2023-33651
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-06-06
CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-05-23
CVE-2023-27067
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx
CVSS Score
7.5
EPSS Score
0.005
Published
2023-05-22
CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-05-22
CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
CVSS Score
7.2
EPSS Score
0.071
Published
2023-03-14
CVE-2019-13493
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-07-17
CVE-2019-11080
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
CVSS Score
8.8
EPSS Score
0.257
Published
2019-06-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved