Vulnerabilities > CVE-2023-33653 - Unspecified vulnerability in Sitecore Experience Platform 9.3

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sitecore

NVD

Published: 2023-06-06

Updated: 2023-06-14

Summary

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML.

Vulnerable Configurations

Part	Description	Count
Application	Sitecore Sitecore Experience Platform 9.3	1

References

https://blog.assetnote.io/2023/05/10/sitecore-round-two/