Sitecore : Security Vulnerabilities, CVEs, Published In 2009
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
Max CVSS
6.8
EPSS Score
4.42%
Published
2009-12-21
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.
Max CVSS
4.3
EPSS Score
0.15%
Published
2009-06-22
Updated
2018-10-10
Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests.
Max CVSS
4.0
EPSS Score
0.16%
Published
2009-03-24
Updated
2018-10-10
3 vulnerabilities found