XSS in Sitecore Content Mangement System (Cms)
CVE-2022-4979
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Stand…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (18.2th percentile) — read the EPSS interpretation.
Affected products
- Sitecore Content Mangement System (Cms) — versions 7.2 Initial Release
- Sitecore Experience Platform — versions 7.5 Initial Release, 8.0 Initial Release, 8.1 Initial Release
- Sitecore Managed Cloud
Weakness classification (CWE)
References
- support.sitecore.com/kb (vendor-advisory, patch)
- support.sitecore.com/kb (vendor-advisory, patch)
- www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss (third-party-advisory)