457 matches found

Nuclei
added yesterday | 6 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

CVSS 4.3 | AI score 5.6 | EPSS 0.0033
Exploits: 1 | References: 3
Nuclei
added yesterday | 144 views

Sitecore Experience Platform <= 10.4 - Arbitrary File Read

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. id: CVE-2024-46938 info: name: Sitecore Experience Platform = 10.4 - Arbitrary File...

CVSS 7.5 | AI score 5.9 | EPSS 0.93431
Exploits: 0 | References: 2
Nuclei
added yesterday | 10 views

Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials

Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

CVSS 7.5 | AI score 7.5 | EPSS 0.16874
Exploits: 6 | References: 3
Nuclei
added 2 days ago | 15 views

Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization

Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. id: CVE-2025-27218 info: name: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization author: iamnoooob,rootxharsh,pdresearc...

CVSS 5.3 | AI score 7.6 | EPSS 0.75678
Exploits: 4 | References: 2
Nuclei
added 3 days ago | 8 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability (CVE-2019-9874). An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

CVSS 9.8 | AI score 8.3 | EPSS 0.87631
Exploits: 1 | References: 2
Nuclei
added 3 days ago | 288 views

Sitecore - Remote Code Execution

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...

CVSS 9.8 | AI score 7.6 | EPSS 0.9358
Exploits: 7 | References: 5
Nuclei
added 2026/05/18 5:1 a.m. | 127 views

Sitecore Experience Platform Pre-Auth RCE

Sitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack where remote commands can be executed by an attacker with no authentication or special configuration required. id: CVE-2021-42237 info: name: Sitecore Experience Platform Pre-Auth RCE author: pdteam...

CVSS 10 | AI score 7.5 | EPSS 0.94374
Exploits: 4 | References: 5
Packet Storm
added 2026/02/19 12:0 a.m. | 142 views

Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials

Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...

CVSS 8.8 | AI score 6.5 | EPSS 0.85777
Exploits: 7
Snyk
added 2026/01/16 4:43 p.m. | 3 views

Malicious Package

Overview react-sitecore-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
The Hacker News
added 2026/01/16 7:18 a.m. | 21 views

China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion

A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium...

CVSS 9 | AI score 6.8 | EPSS 0.05153
Exploits: 3
OSV
added 2026/01/16 12:10 a.m. | 2 views

MAL-2026-301 Malicious code in react-sitecore-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bcb38af52d8a28ad89a31c0415f1673eb2ca18ec76121703ded6334a6b7e6d2 The package react-sitecore-library was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits: 0 | References: 1
EUVD
added 2026/01/16 12:10 a.m. | 3 views

EUVD-2026-3060

Malicious code in react-sitecore-library npm...

AI score 6.6
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/01/16 12:10 a.m. | 8 views

Malicious code in react-sitecore-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bcb38af52d8a28ad89a31c0415f1673eb2ca18ec76121703ded6334a6b7e6d2 The package react-sitecore-library was found to contain malicious code. Source: ghsa-malware...

AI score 6.9
Exploits: 0 | References: 1
Talos Blog
added 2026/01/15 11:0 a.m. | 6 views

UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor based on overlaps in tactics, techniques, and procedures (TTPs) with those of other known China-nexus threat actors. Based on UAT-8837's TTPs and...

CVSS 9 | AI score 7.6 | EPSS 0.05153
Exploits: 3
RedhatCVE
added 2026/01/09 10:10 a.m. | 4 views

CVE-2019-11080

Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object...

CVSS 9 | AI score 7.8 | EPSS 0.4053
Exploits: 5 | References: 1
Tenable Nessus
added 2026/01/08 12:0 a.m. | 1 views

Sitecore Debug Page Detected

Sitecore is a popular web content management system (WCMS) used for building and managing websites. When the debug page is accessible, it can expose sensitive information about the application's configuration, environment, and code structure. This information can be exploited by attackers to identi...

AI score 6.9
Exploits: 0 | References: 1
GithubExploit
added 2025/11/30 3:58 p.m. | 145 views

Exploit for Code Injection in Sitecore Experience_Commerce

CVE-...

CVSS 9.8 | AI score 7.1 | EPSS 0.9358
Exploits: 7
GithubExploit
added 2025/11/05 6:50 a.m. | 201 views

Exploit for Deserialization of Untrusted Data in Sitecore Experience_Commerce

PoC exploit for CVE-2025-53690, a vulnerability in a .NET framew...

CVSS 9 | AI score 8.2 | EPSS 0.05153
Exploits: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-30800

Malware in sbrugna...

CVSS 8.7 | AI score 6.4 | EPSS 0.00364
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-2902

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0026
Exploits: 0 | References: 3