Cross-Site Scripting Vulnerability in Sitecore CMS by Sitecore
CVE-2009-2163

Currently unrated

Key Information:

Vendor: Sitecore
Status: Cms
Vendor: CVE Published:; 22 June 2009

What is CVE-2009-2163?

A cross-site scripting vulnerability exists in the login/default.aspx file of Sitecore CMS versions prior to 6.0.2 Update-1 090507. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the 'sc_error' query parameter. If exploited, this vulnerability can lead to the execution of malicious scripts in users' browsers when they access the affected site, potentially compromising sensitive user information and security.

References

http://www.securityfocus.com/archive/1/504093/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/504132/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/35353

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2009
Vulnerability Reserved
Jun 22, 2009