CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2016-8855 – Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. XSS en "/sitecore/client/Applications/List Manager/Taskpages/Contact list" en Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) permite ataques remotos a través del parámetro Name o Description. Esto se soluciona en 8.2 Update-2. Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/41618 https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •