Vulnerabilities > Sitecore > Experience Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-27066 Path Traversal vulnerability in Sitecore Experience Platform
Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.
network
low complexity
sitecore CWE-22
6.5
2019-07-17 CVE-2019-13493 Cross-site Scripting vulnerability in Sitecore Experience Platform 9.0
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager.
network
low complexity
sitecore CWE-79
5.4
2017-03-19 CVE-2016-8855 Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev.
network
low complexity
sitecore CWE-79
6.1