Sitecore : Security Vulnerabilities, CVEs, Published In 2017
In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.
Max CVSS
4.9
EPSS Score
0.13%
Published
2017-07-19
Updated
2017-07-21
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
Max CVSS
5.4
EPSS Score
0.12%
Published
2017-07-19
Updated
2017-07-21
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
Max CVSS
6.1
EPSS Score
0.07%
Published
2017-06-23
Updated
2017-07-03
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.
Max CVSS
4.9
EPSS Score
0.35%
Published
2017-05-23
Updated
2017-06-08
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.
Max CVSS
6.7
EPSS Score
0.26%
Published
2017-05-23
Updated
2019-10-03
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-03-19
Updated
2017-03-21
6 vulnerabilities found