CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
45.1%
An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
Vendor | Product | Version | CPE |
---|---|---|---|
sitecore | experience_manager | * | cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:* |
sitecore | experience_platform | * | cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:* |