Cross-Site Scripting Vulnerabilities in Sitecore CMS by Sitecore
CVE-2019-11198

6.1 MEDIUM

Key Information:

Vendor: Sitecore

Status
Vendor
CVE Published: 5 August 2019

What is CVE-2019-11198?

Multiple cross-site scripting (XSS) vulnerabilities exist in Sitecore CMS 9.0.1 and earlier versions. They allow remote attackers to inject arbitrary web script or HTML. Affected modules include List Manager Dashboard, Campaign Creator, Attributes field, Icon Selection, Latitude and Longitude fields, UploadPackage2.aspx, Context menu, and Insert from Template dialog. Successful exploitation could lead to unauthorized actions being performed on behalf of users, so updating to a safer version is critical.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
