Experience Platform
Approved changes feed: RSS · Atom
cpe:2.3:a:sitecore:experience_platform:9.0:*:*:*:*:*:*:*
part: a version: 9.0 update: *
| Vendor | Sitecore (a7d448aa-2b42-539c-981e-05d11ea00680) |
|---|---|
| Product | Experience Platform (026326e1-f45f-5b58-94dc-146885d4fa2f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-4979 |
vulnerable | 2026-06-03 14:48:44.415261 |
Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.
Published: 2025-07-25T15:55:36.039Z
Updated: 2026-03-23T15:43:29.702Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13493 |
vulnerable | 2026-06-03 14:39:37.720522 |
Details available
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Published: 2019-07-17T19:10:51.000Z
Updated: 2024-08-04T23:57:39.274Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.