Vulnerabilities > Sitecore

DATE | CVE | VULNERABILITY TITLE | RISK

2017-06-23 | CVE-2017-9356 | Cross-site Scripting vulnerability in Sitecore Sitecore.Net 7.1/7.2 | 4.3
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
network, sitecore, CWE-79

2017-05-23 | CVE-2017-5966 | Path Traversal vulnerability in Sitecore CRM 8.1 | 4.0
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
network, low complexity, sitecore, CWE-22

2017-05-23 | CVE-2017-5965 | Unspecified vulnerability in Sitecore CRM 8.1 | 6.5
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.
network, low complexity, sitecore

2017-03-19 | CVE-2016-8855 | Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1 | 4.3
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev.
network, sitecore, CWE-79

2015-01-13 | CVE-2014-100004 | Cross-site Scripting vulnerability in Sitecore CMS 7.0 | 4.3
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev.
network, sitecore, CWE-79

2009-12-21 | CVE-2009-4367 | Improper Authentication vulnerability in Sitecore Staging Module | 6.8
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
network, sitecore, CWE-287

2009-06-22 | CVE-2009-2163 | Cross-Site Scripting vulnerability in Sitecore CMS 5.3.0/5.3.1/6.0.1 | 4.3
Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.
network, sitecore, CWE-79