Sitecore — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting Sitecore. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-53692 | Sitecore Experience Platform Cross-Site Scripting Vulnerability | Sitecore Experience Manager (XM) | CWE-79 | 7.1 | High | 2025-09-21 |
| CVE-2025-53690 | Sitecore Products ViewState Deserialization Vulnerability | Experience Manager (XM) | CWE-502 | 9.0 | Critical | 2025-09-03 |
| CVE-2025-53691 | Sitecore Experience Remote Code Execution through Insecure Deserialization | Experience Manager (XM) | CWE-502 | 8.8 | High | 2025-09-03 |
| CVE-2025-53693 | HTML Cache Poisoning through Unsafe Reflections | Sitecore Experience Manager (XM) | CWE-470 | 9.8 | Critical | 2025-09-03 |
| CVE-2025-53694 | Information Disclosure in ItemServices API | Sitecore Experience Manager (XM) | CWE-200 | 7.5 | High | 2025-09-03 |
| CVE-2022-4979 | Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS | Experience Platform | CWE-79 | 4.8 | - | 2025-07-25 |
| CVE-2015-10142 | Sitecore XP < 8.0 and CMS < 7.2 and < 7.5 File Read via Known Path | Experience Platform (XP) | CWE-610 | 7.5 | - | 2025-07-25 |
| CVE-2025-34139 | Sitecore XM/XP/XC and Managed Cloud 8.0 - 10.4 Arbitrary File Read | Experience Manager (XM) | CWE-522 | 7.5 | - | 2025-07-25 |
| CVE-2020-36850 | Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure | JSS React Sample Application | CWE-200 | 4.6 | - | 2025-07-25 |
| CVE-2025-34511 | Sitecore PowerShell Extension RCE via Unrestricted Upload | Powershell Extension | CWE-434 | 8.8 | High | 2025-06-17 |
| CVE-2025-34510 | Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip | Experience Manager | CWE-23 | 8.8 | High | 2025-06-17 |
| CVE-2025-34509 | Sitecore XM and XP Hardcoded Credentials | Experience Manager | CWE-798 | 7.5 | High | 2025-06-17 |

This page lists every published CVE security advisory associated with Sitecore. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.