CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27066
https://notcve.org/view.php?id=CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27067
https://notcve.org/view.php?id=CVE-2023-27067
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26262
https://notcve.org/view.php?id=CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. • https://github.com/istern/CVE-2023-26262 https://www.sitecore.com/trust • CWE-434: Unrestricted Upload of File with Dangerous Type •