VYPR
Unrated severityNVD Advisory· Published Jan 13, 2015· Updated Jun 17, 2026

CVE-2014-100004

CVE-2014-100004

Description

Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sitecore/CMS2 versions
    cpe:2.3:a:sitecore:cms:*:3:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sitecore:cms:*:3:*:*:*:*:*:*range: <=7.0
    • (no CPE)range: <7.0 Update-4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.