Cross-Site Scripting Vulnerability in Sitecore CMS
CVE-2014-100004

Currently unrated

Key Information:

Vendor

Sitecore

Status
Cms
Vendor
CVE Published:
13 January 2015

What is CVE-2014-100004?

A cross-site scripting (XSS) vulnerability exists in Sitecore CMS prior to version 7.0 Update-4 (rev. 140120). This flaw allows remote attackers to inject arbitrary web scripts or HTML by manipulating the 'xmlcontrol' parameter in requests made to the default URI. Successful exploitation can lead to unauthorized actions taken on behalf of users and the exposure of sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/65254
vdb-entryx_refsource_BID
http://osvdb.org/102660
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/56705
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.