CVSS: 9.8EPSS: 74%CPEs: 4EXPL: 2CVE-2023-35813 – Sitecore 8.2 Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-35813
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. Sitecore version 8.2 suffers from a remote code execution vulnerability. • https://github.com/aalexpereira/CVE-2023-35813 https://github.com/BagheeraAltered/CVE-2023-35813-PoC https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1002979 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27068
https://notcve.org/view.php?id=CVE-2023-27068
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes https://www.sitecore.com/products/sitecore-experience-platform • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27066
https://notcve.org/view.php?id=CVE-2023-27066
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27067
https://notcve.org/view.php?id=CVE-2023-27067
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26262
https://notcve.org/view.php?id=CVE-2023-26262
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. • https://github.com/istern/CVE-2023-26262 https://www.sitecore.com/trust • CWE-434: Unrestricted Upload of File with Dangerous Type •