Vulnerabilities > Sitecore

DATE CVE VULNERABILITY TITLE RISK
2017-06-23 CVE-2017-9356 Cross-site Scripting vulnerability in Sitecore Sitecore.Net 7.1/7.2
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
network
low complexity
sitecore CWE-79
6.1
2017-05-23 CVE-2017-5966 Path Traversal vulnerability in Sitecore CRM 8.1
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
network
low complexity
sitecore CWE-22
4.9
2017-05-23 CVE-2017-5965 Unspecified vulnerability in Sitecore CRM 8.1
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.
local
low complexity
sitecore
6.7
2017-03-19 CVE-2016-8855 Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev.
network
low complexity
sitecore CWE-79
6.1