Vulnerabilities > Sitecore > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-21 | CVE-2009-4367 | Improper Authentication vulnerability in Sitecore Staging Module The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. | 6.8 |
| 2009-06-22 | CVE-2009-2163 | Cross-Site Scripting vulnerability in Sitecore CMS 5.3.0/5.3.1/6.0.1 Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter. | 4.3 |