📦 Experience Commerce

by Sitecore



⚠️ Known Vulnerabilities

CVE-2025-53690

CRITICAL CVSS 9.0 Sep 3, 2025

This CVE describes a deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) that allows attackers to inject and execute arbitrary code by sending specially craf...

CVE-2025-53693

CRITICAL CVSS 9.8 Sep 3, 2025

This vulnerability allows attackers to poison the cache in Sitecore Experience Manager/Platform by exploiting unsafe reflection. Attackers can potentially execute arbitrary code remotely. Affected use...

CVE-2023-35813

CRITICAL CVSS 9.8 Jun 17, 2023

This critical vulnerability allows remote attackers to execute arbitrary code on affected Sitecore systems without authentication. It affects Sitecore Experience Manager, Experience Platform, and Expe...

CVE-2025-53691

HIGH CVSS 8.8 Sep 3, 2025

A deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) allows remote attackers to execute arbitrary code by sending specially crafted data. This affects all o...

CVE-2024-46938

HIGH CVSS 7.5 Sep 15, 2024

An unauthenticated attacker can read arbitrary files on Sitecore Experience Platform, Experience Manager, and Experience Commerce systems. This vulnerability affects all versions from 8.0 Initial Rele...

CVE-2023-33651

HIGH CVSS 7.5 Jun 6, 2023

This vulnerability allows attackers to bypass authorization rules in Sitecore's MVC Device Simulator component, potentially accessing restricted functionality or data. It affects Sitecore Experience P...