Vulnerabilities > Sitecore

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-23	CVE-2017-9356	Cross-site Scripting vulnerability in Sitecore Sitecore.Net 7.1/7.2 Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. network low complexity sitecore CWE-79	6.1
2017-05-23	CVE-2017-5966	Path Traversal vulnerability in Sitecore CRM 8.1 Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. network low complexity sitecore CWE-22	4.9
2017-05-23	CVE-2017-5965	Unspecified vulnerability in Sitecore CRM 8.1 The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. local low complexity sitecore	6.7
2017-03-19	CVE-2016-8855	Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1 Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. network low complexity sitecore CWE-79	6.1

Vulnerabilities > Sitecore {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sitecore"}]}