8 results (0.010 seconds)

CVSS: 9.8EPSS: 82%CPEs: 4EXPL: 2

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. Sitecore version 8.2 suffers from a remote code execution vulnerability. • https://github.com/aalexpereira/CVE-2023-35813 https://github.com/BagheeraAltered/CVE-2023-35813-PoC https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002979 •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes https://www.sitecore.com/products/sitecore-experience-platform • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. • https://github.com/istern/CVE-2023-26262 https://www.sitecore.com/trust • CWE-434: Unrestricted Upload of File with Dangerous Type •