VYPR

Sitecore.net

by Sitecore

CVEs (5)

  • CVE-2018-7669HigApr 27, 2018
    risk 0.53cvss 7.5epss 0.17

    An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a…

  • CVE-2017-9356MedJun 23, 2017
    risk 0.40cvss 6.1epss 0.01

    Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.

  • CVE-2017-11439MedJul 19, 2017
    risk 0.35cvss 5.4epss 0.01

    In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.

  • CVE-2019-9874KEVMay 31, 2019
    risk 0.19cvss epss 0.84

    Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter…

  • CVE-2019-9875KEVMay 31, 2019
    risk 0.17cvss epss 0.14

    Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.