Cross-Site Scripting Vulnerability in Sitecore CMS
CVE-2014-100004

Currently unrated

Key Information:

Vendor: Sitecore
Status: Cms
Vendor: CVE Published:; 13 January 2015

What is CVE-2014-100004?

A cross-site scripting (XSS) vulnerability exists in Sitecore CMS prior to version 7.0 Update-4 (rev. 140120). This flaw allows remote attackers to inject arbitrary web scripts or HTML by manipulating the 'xmlcontrol' parameter in requests made to the default URI. Successful exploitation can lead to unauthorized actions taken on behalf of users and the exposure of sensitive information.

References

http://www.securityfocus.com/bid/65254

vdb-entryx_refsource_BID

http://osvdb.org/102660

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/56705

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015