Sitecore.net
by Sitecore
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7669 | | Hig | 0.53 | 7.5 | 0.17 | | Apr 27, 2018 | An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a… |
| CVE-2017-9356 | | Med | 0.40 | 6.1 | 0.01 | | Jun 23, 2017 | Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI. |
| CVE-2017-11439 | | Med | 0.35 | 5.4 | 0.01 | | Jul 19, 2017 | In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. |
| CVE-2019-9874 | | | 0.19 | — | 0.84 | KEV | May 31, 2019 | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter… |
| CVE-2019-9875 | | | 0.17 | — | 0.14 | KEV | May 31, 2019 | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. |