Filtered by vendor Sitecore
Subscriptions
Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-35813 | 1 Sitecore | 4 Experience Commerce, Experience Manager, Experience Platform and 1 more | 2024-08-02 | 9.8 Critical |
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. | ||||
CVE-2023-33652 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 8.8 High |
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | ||||
CVE-2023-33651 | 1 Sitecore | 4 Experience Commerce, Experience Manager, Experience Platform and 1 more | 2024-08-02 | 7.5 High |
An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to bypass authorization rules. | ||||
CVE-2023-33653 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 8.8 High |
Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML. | ||||
CVE-2023-27067 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 7.5 High |
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | ||||
CVE-2023-27068 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 9.8 Critical |
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | ||||
CVE-2023-27066 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 6.5 Medium |
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | ||||
CVE-2023-26262 | 1 Sitecore | 2 Experience Manager, Experience Platform | 2024-08-02 | 7.2 High |
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server. |