Cms Security Vulnerabilities and Issues — Cms CVE List

Lucene search

SitecoreCms

4 matches found

CVE•added 2009/06/22 8:30 p.m.•38 views

CVE-2009-2163

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.

4.3CVSS5.9AI score0.01123EPSS

Web

CVE•added 2017/07/19 7:29 a.m.•38 views

CVE-2017-11440

In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.

4.9CVSS5.2AI score0.00869EPSS

Web

CVE•added 2015/01/13 11:59 a.m.•36 views

CVE-2014-100004

Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information.

4.3CVSS5.9AI score0.00475EPSS

CVE•added 2009/03/24 2:30 p.m.•31 views

CVE-2009-1055

Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.

4CVSS6.7AI score0.00335EPSS