Lucene search
K
SitecoreExperience Commerce

10 matches found

CVE
CVE
added 2025/09/03 8:4 p.m.431 views

CVE-2025-53690

CVE-2025-53690 affects Sitecore XM/XP (through 9.0) with a Deserialization of Untrusted Data vulnerability that can enable remote code execution. Connected sources provide concrete details: a PoC exploit targeting a .NET deserialization path (ViewState/Asp.NET machine keys) and reports of remote ...

9CVSS6.6AI score0.30809EPSS
In wild
CVE
CVE
added 2023/06/17 12:0 a.m.211 views

CVE-2023-35813

Sitecore CVE-2023-35813 affects Experience Manager, Experience Platform, and Experience Commerce up to version 10.3. The root cause is remote code execution via the XAML parser triggered by injecting malicious ASP.NET markup, enabling unauthenticated arbitrary code execution on Sitecore servers a...

9.8CVSS9.7AI score0.86685EPSS
In wildWeb
CVE
CVE
added 2024/09/15 12:0 a.m.99 views

CVE-2024-46938

CVE-2024-46938 affects Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files due to an improper path access check in the affected Sitecore components. Affected...

7.5CVSS7.3AI score0.46077EPSS
In wild
CVE
CVE
added 2025/06/17 6:20 p.m.97 views

CVE-2025-34509

Sitecore XM/XP affected: Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE; root cause is a hardcoded user account that allows unauthenticated, remote access to the ad...

7.5CVSS8.2AI score0.39961EPSS
In wild
CVE
CVE
added 2025/06/17 6:46 p.m.72 views

CVE-2025-34510

Sitecore XP, XM, and XC (versions 9.0–9.3 and 10.0–10.4) are affected by Zip Slip leading to RCE. A remote, authenticated attacker can upload a ZIP with path traversal to write arbitrary files and execute code. Public references describe post-auth exploitation chains (including Metasploit modules...

8.8CVSS8.8AI score0.09986EPSS
CVE
CVE
added 2025/06/17 7:5 p.m.63 views

CVE-2025-34511

CVE-2025-34511 affects Sitecore PowerShell Extensions (SPE) for Sitecore XM/XP. The vulnerability is an unrestricted file upload in SPE versions up to 7.0, allowing a remote, authenticated attacker to upload arbitrary files and achieve remote code execution. Connected exploit-related documents co...

8.8CVSS9AI score0.09118EPSS
CVE
CVE
added 2023/06/06 12:0 a.m.57 views

CVE-2023-33651

CVE-2023-33651 affects Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) from 9.0 Initial Release through 13.0 Initial Release. The vulnerability is in the MVC Device Simulator and allows attackers to bypass authorization rules. The connected PT-Security rep...

7.5CVSS7.5AI score0.01427EPSS
CVE
CVE
added 2025/09/03 12:36 p.m.44 views

CVE-2025-53693

CVE-2025-53693 is an HTML cache poisoning vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) caused by using externally-controlled input to select classes or code (Unsafe Reflection). Affected products: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. The underlying...

9.8CVSS6.6AI score0.13782EPSS
CVE
CVE
added 2025/09/03 12:36 p.m.33 views

CVE-2025-53694

CVE-2025-53694 is an information-disclosure vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) affecting XM 9.2–10.4 and XP 9.2–10.4. The issue stems from exposure of sensitive information via the ItemService API, accessible under restricted anonymous conditions, enabl...

7.5CVSS6.6AI score0.05343EPSS
Web
CVE
CVE
added 2025/09/03 12:36 p.m.32 views

CVE-2025-53691

CVE-2025-53691 is a Sitecore vulnerability: insecure deserialization in Sitecore Experience Manager (XM) and Experience Platform (XP) can lead to Remote Code Execution (RCE). Affected: XM 9.0–9.3 and 10.0–10.4; XP 9.0–9.3 and 10.0–10.4. Root cause: untrusted data deserialization using insecure pa...

8.8CVSS7.2AI score0.01441EPSS