Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: sitecore Clear
ID Title
CVE-2025-53690 KEV [KEV] Unsafe Deserialization in Sitecore multiple-products (CVE-2025-53690)
vulnerability in Sitecore multiple-products (CVE-2025-53690). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-9875 KEV [KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9875)
vulnerability in Sitecore cms-and-experience-platform-xp (CVE-2019-9875). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-9874 KEV [KEV] Unsafe Deserialization in Sitecore cms-and-experience-platform-xp (CVE-2019-9874)
vulnerability in Sitecore cms-and-experience-platform-xp (CVE-2019-9874). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-42237 KEV [KEV] Unsafe Deserialization in Sitecore xp (CVE-2021-42237)
vulnerability in Sitecore xp (CVE-2021-42237). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2017-11439 In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
CVE-2017-11440 Path Traversal in path-traversal (CVE-2017-11440)
path traversal in path-traversal (CVE-2017-11440). Confidential information can be exposed externally.
CVE-2017-9356 Cross-Site Scripting (XSS) in csharp (CVE-2017-9356)
cross-site scripting in csharp (CVE-2017-9356). Risk of unauthorized operations or information disclosure.
CVE-2017-5965 Vulnerability in sitecore (CVE-2017-5965)
vulnerability in sitecore (CVE-2017-5965). Successful exploitation can lead to full system takeover.
CVE-2017-5966 Path Traversal in path-traversal (CVE-2017-5966)
path traversal in path-traversal (CVE-2017-5966). Confidential information can be exposed externally.
CVE-2016-8855 Cross-Site Scripting (XSS) in sitecore (CVE-2016-8855)
cross-site scripting in sitecore (CVE-2016-8855). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →