7 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes https://www.sitecore.com/products/sitecore-experience-platform • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. • https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. • https://github.com/istern/CVE-2023-26262 https://www.sitecore.com/trust • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 97%CPEs: 24EXPL: 3

Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. Sitecore XP Versión Inicial 7.5 a Sitecore XP 8.2 Update-7, es vulnerable a un ataque de deserialización no segura donde es posible lograr una ejecución de comandos remotos en la máquina. No es requerida ninguna autenticación ni configuración especial para explotar esta vulnerabilidad Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution. • https://github.com/ItsIgnacioPortal/CVE-2021-42237 https://github.com/vesperp/CVE-2021-42237-SiteCore-XP http://packetstormsecurity.com/files/164988/Sitecore-Experience-Platform-XP-Remote-Code-Execution.html http://sitecore.com https://blog.assetnote.io/2021/11/02/sitecore-rce https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776 • CWE-502: Deserialization of Untrusted Data •