- EPSS 10.07%
- Published 03.09.2025 20:04:48
- Last modified 30.10.2025 20:39:16
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
CVE-2025-53691
- EPSS 3.34%
- Published 03.09.2025 12:36:59
- Last modified 08.09.2025 18:30:40
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE). This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experi...
CVE-2025-53693
- EPSS 0.44%
- Published 03.09.2025 12:36:53
- Last modified 08.09.2025 18:28:13
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning. This issue affects Sitecore Experience Manager (XM...
CVE-2025-53694
- EPSS 0.1%
- Published 03.09.2025 12:36:37
- Last modified 08.09.2025 18:11:15
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP). This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (...
CVE-2025-34138
- EPSS 0.64%
- Published 25.07.2025 16:15:28
- Last modified 04.12.2025 17:15:54
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of CVE-2025-53692 and CVE-2025-53694.
CVE-2025-34139
- EPSS 0.15%
- Published 25.07.2025 16:15:28
- Last modified 12.11.2025 20:15:42
A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform...
CVE-2022-4979
- EPSS 0.02%
- Published 25.07.2025 16:15:27
- Last modified 29.07.2025 14:14:55
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard custome...
CVE-2025-34511
- EPSS 78.65%
- Published 17.06.2025 19:05:10
- Last modified 08.09.2025 19:10:33
Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the ser...
CVE-2025-34510
- EPSS 87.27%
- Published 17.06.2025 18:46:04
- Last modified 08.09.2025 19:22:24
Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a cra...
CVE-2025-34509
- EPSS 23.18%
- Published 17.06.2025 18:20:57
- Last modified 27.12.2025 17:15:47
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remo...