NotCVE - vendor:"Sitecore" product:"Cms"

8 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-11198

https://notcve.org/view.php?id=CVE-2019-11198

05 Aug 2019 — Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog. Múltiples vulnerabilidad... • https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/92/Sitecore%20Experience%20Platform%2092%20Initial%20Release/Release%20Notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 15%CPEs: 1EXPL: 1

CVE-2019-9875 – Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

https://notcve.org/view.php?id=CVE-2019-9875

31 May 2019 — Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. La deserialización de datos no confiables en el módulo anti CSRF en Sitecore hasta la versón 9.1, permite a un atacante identificado ejecutar código arbitrario mediante el envío un objeto .NET serializado dentro de un parámetro POST de HTTP. Sitecore CMS and Experience Platform (XP) contain a deserializatio... • https://dev.sitecore.net/Downloads.aspx • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 23%CPEs: 2EXPL: 1

CVE-2019-9874 – Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability

https://notcve.org/view.php?id=CVE-2019-9874

31 May 2019 — Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. La deserialización de datos no seguros en el módulo Sitecore.Security.AntiCSRF (conocido como CSRF) en Sitecore CMS versión 7.0 hasta 7.2 y Sitecore XP verisón 7.5 hasta 8.2, permite a un atacante no identificado ejecutar código a... • https://dev.sitecore.net/Downloads.aspx • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

CVE-2017-11439

https://notcve.org/view.php?id=CVE-2017-11439

19 Jul 2017 — In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. En Sitecore versión 8.2, se presenta un problema de tipo XSS reflejado del parámetro Program del archivo shell/Applications/Tools/Run. • https://packetstormsecurity.com/files/143357/Sitecore-CMS-8.2-Cross-Site-Scripting-File-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2

CVE-2017-11440

https://notcve.org/view.php?id=CVE-2017-11440

19 Jul 2017 — In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. En Sitecore versión 8.2, se presenta un salto de ruta (path) de acceso absoluto por medio del parámetro fi del archivo shell/Applications/Layouts/IDE.aspx y el parámetro Reference del archivo admin/LinqScratchPad.aspx. • https://packetstormsecurity.com/files/143357/Sitecore-CMS-8.2-Cross-Site-Scripting-File-Disclosure.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2014-100004

https://notcve.org/view.php?id=CVE-2014-100004

13 Jan 2015 — Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information. Vulnerabilidad de XSS en Sitecore CMS anterior a 7.0 actualización-4 (rev. 140120) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro xmlcontrol en la URI por defecto. NOTA: algunos d... • http://osvdb.org/102660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 2

CVE-2009-2163 – Sitecore CMS 6.0.0 rev. 090120 - 'default.aspx' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-2163

22 Jun 2009 — Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sitecore CMS versiones anteriores a v6.0.2 Update-1 090507 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro "sc_error". • https://www.exploit-db.com/exploits/34930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2009-1055

https://notcve.org/view.php?id=CVE-2009-1055

24 Mar 2009 — Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests. Vulnerabilidad inespecífica en el servicio web en Sitecore CMS v5.3.1 rev. 071114 permite a usuarios remotos autenticados conseguir acceso a las bases de datos de seguridad, y obtener credenciales administrativas y de usuario, a través de vectores desconocido... • http://sdn5.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%205%2C-d-%2C3/ReleaseNotes/V5%2C-d-%2C3%2C-d-%2C2/ChangeLog.aspx •