📦 Experience Platform

by Sitecore

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-53690

CRITICAL CVSS 9.0 Sep 3, 2025

This CVE describes a deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) that allows attackers to inject and execute arbitrary code by sending specially craf...

CVE-2025-53693

CRITICAL CVSS 9.8 Sep 3, 2025

This vulnerability allows attackers to poison the cache in Sitecore Experience Manager/Platform by exploiting unsafe reflection. Attackers can potentially execute arbitrary code remotely. Affected use...

CVE-2023-35813

CRITICAL CVSS 9.8 Jun 17, 2023

This critical vulnerability allows remote attackers to execute arbitrary code on affected Sitecore systems without authentication. It affects Sitecore Experience Manager, Experience Platform, and Expe...

CVE-2023-27068

CRITICAL CVSS 9.8 May 23, 2023

CVE-2023-27068 is a critical deserialization vulnerability in Sitecore Experience Platform that allows remote attackers to execute arbitrary code via the ValidationResult.aspx endpoint. This affects a...

CVE-2021-42237

CRITICAL CVSS 9.8 Nov 5, 2021

CVE-2021-42237 is a critical remote code execution vulnerability in Sitecore Experience Platform (XP) that allows unauthenticated attackers to execute arbitrary commands on affected servers through in...

CVE-2025-53691

HIGH CVSS 8.8 Sep 3, 2025

A deserialization vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) allows remote attackers to execute arbitrary code by sending specially crafted data. This affects all o...

CVE-2024-46938

HIGH CVSS 7.5 Sep 15, 2024

An unauthenticated attacker can read arbitrary files on Sitecore Experience Platform, Experience Manager, and Experience Commerce systems. This vulnerability affects all versions from 8.0 Initial Rele...

CVE-2023-33651

HIGH CVSS 7.5 Jun 6, 2023

This vulnerability allows attackers to bypass authorization rules in Sitecore's MVC Device Simulator component, potentially accessing restricted functionality or data. It affects Sitecore Experience P...

CVE-2023-33653

HIGH CVSS 8.8 Jun 6, 2023

Sitecore Experience Platform v9.3 contains an authenticated remote code execution vulnerability in the Content Manager component. Attackers with valid credentials can execute arbitrary code on affecte...