Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday23 views

Sitecore Experience Platform - Deserialization of Untrusted Data

Sitecore Experience Platform before 8.2 Update-7 and 9.0 before Update-2 is vulnerable to a remote code execution vulnerability CVE-2019-9874. An attacker can exploit this issue to execute arbitrary code on the affected system via a crafted request to the...

9.8CVSS8.2AI score0.83857EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:58 a.m.6 views

CVE-2019-9874

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

9.8CVSS8AI score0.83857EPSS
Exploits1References1
Circl
Circl
added 2025/03/26 6:45 p.m.9 views

CVE-2019-9874

creationtimestamp| type| source ---|---|--- 2025-03-26 18:45:16+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llcgyjkq4x2s 2025-03-26 19:05:11+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llci45jqpj2n 2025-03-26 21:39:21+00:00| seen|...

9.8CVSS7.6AI score0.83857EPSS
In wildExploits1References32
Vulnrichment
Vulnrichment
added 2019/05/31 8:11 p.m.8 views

CVE-2019-9874

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...

8.2AI score0.83857EPSS
Exploits1References3
CVE
CVE
added 2019/05/31 8:11 p.m.424 views

CVE-2019-9874

CVE-2019-9874 affects Sitecore CMS 7.0–7.2 and Sitecore XP 7.5–8.2 via the Sitecore.Security.AntiCSRF deserialization module. An unauthenticated attacker can trigger remote code execution by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN**, exploiting untrusted data deser...

9.8CVSS9.7AI score0.83857EPSS
In wildExploits1References4Affected Software2
ATTACKERKB
ATTACKERKB
added 2019/05/31 12:0 a.m.9 views

CVE-2019-9874

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN. Recent assessments:...

9.8CVSS10AI score0.83857EPSS
In wildExploits1References4
Rows per page
Query Builder