Sitecore : Security Vulnerabilities, CVEs, Published In 2009

CVE-2009-4367

The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
Max CVSS
6.8
EPSS Score
4.42%
Published
2009-12-21
Updated
2018-10-10

CVE-2009-2163

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.
Max CVSS
4.3
EPSS Score
0.15%
Published
2009-06-22
Updated
2018-10-10

CVE-2009-1055

Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
Max CVSS
4.0
EPSS Score
0.16%
Published
2009-03-24
Updated
2018-10-10
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close