Sitecore

Experience Platform

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2025-53692

  • EPSS 0.03%
  • Veröffentlicht 21.09.2025 19:42:46
  • Zuletzt bearbeitet 22.09.2025 21:23:01

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Ex...

9

CVE-2025-53690

Warnung Medienbericht Exploit
  • EPSS 10.07%
  • Veröffentlicht 03.09.2025 20:04:48
  • Zuletzt bearbeitet 30.10.2025 20:39:16

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.

8.8

CVE-2025-53691

Exploit
  • EPSS 3.34%
  • Veröffentlicht 03.09.2025 12:36:59
  • Zuletzt bearbeitet 08.09.2025 18:30:40

Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE).This issue affects Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experi...

9.8

CVE-2025-53693

Exploit
  • EPSS 0.44%
  • Veröffentlicht 03.09.2025 12:36:53
  • Zuletzt bearbeitet 08.09.2025 18:28:13

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM...

7.5

CVE-2025-53694

Exploit
  • EPSS 0.1%
  • Veröffentlicht 03.09.2025 12:36:37
  • Zuletzt bearbeitet 08.09.2025 18:11:15

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (...

8.7

CVE-2025-34139

  • EPSS 0.15%
  • Veröffentlicht 25.07.2025 16:15:28
  • Zuletzt bearbeitet 12.11.2025 20:15:42

A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform...

9.3

CVE-2025-34138

  • EPSS 0.64%
  • Veröffentlicht 25.07.2025 16:15:28
  • Zuletzt bearbeitet 04.12.2025 17:15:54

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority, as it is a duplicate of CVE-2025-53692 and CVE-2025-53694.

5.1

CVE-2022-4979

  • EPSS 0.02%
  • Veröffentlicht 25.07.2025 16:15:27
  • Zuletzt bearbeitet 29.07.2025 14:14:55

A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard custome...

6.9

CVE-2015-10142

  • EPSS 0.06%
  • Veröffentlicht 25.07.2025 16:15:26
  • Zuletzt bearbeitet 29.07.2025 14:14:55

Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to downloa...

8.8

CVE-2025-34511

Exploit
  • EPSS 78.65%
  • Veröffentlicht 17.06.2025 19:05:10
  • Zuletzt bearbeitet 08.09.2025 19:10:33

Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the ser...