Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-22	CVE-2023-27066	Path Traversal vulnerability in Sitecore Experience Platform 8.0 Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. network low complexity sitecore CWE-22	6.5
2019-08-05	CVE-2019-11198	Cross-site Scripting vulnerability in Sitecore CMS Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) #300583 - List Manager Dashboard module, (2) #307638 - Campaign Creator module, (3) #316994 - Attributes field, (4) I#316995 - Icon Selection module, (5) #317000 - Latitude field, (6) #317000 - Longitude field, (7) #317017 - UploadPackage2.aspx module, (8) #317072 - Context menu, or (9) I#317073 - Insert from Template dialog. network low complexity sitecore CWE-79	6.1
2019-07-17	CVE-2019-13493	Cross-site Scripting vulnerability in Sitecore Experience Platform 9.0 In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. network low complexity sitecore CWE-79	5.4
2017-07-19	CVE-2017-11440	Path Traversal vulnerability in Sitecore CMS 8.2 In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. network low complexity sitecore CWE-22	4.9
2017-07-19	CVE-2017-11439	Cross-site Scripting vulnerability in Sitecore CMS 8.2 In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. network low complexity sitecore CWE-79	5.4
2017-06-23	CVE-2017-9356	Cross-site Scripting vulnerability in Sitecore Sitecore.Net 7.1/7.2 Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. network low complexity sitecore CWE-79	6.1
2017-05-23	CVE-2017-5966	Path Traversal vulnerability in Sitecore CRM 8.1 Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. network low complexity sitecore CWE-22	4.9
2017-05-23	CVE-2017-5965	Unspecified vulnerability in Sitecore CRM 8.1 The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. local low complexity sitecore	6.7
2017-03-19	CVE-2016-8855	Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1 Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. network low complexity sitecore CWE-79	6.1