Cross-site Scripting Vulnerability in Sitecore Experience Platform and CMS
CVE-2022-4979
5.1 MEDIUM
Key Information:
- Vendor: Sitecore
- CVE Published: 25 July 2025
What is CVE-2022-4979?
A cross-site scripting (XSS) vulnerability has been identified in Sitecore Experience Platform (XP) versions 7.5 to 10.2 and CMS versions 7.2 to 7.2 Update-6. The flaw may cause authenticated users of Sitecore Shell to inadvertently execute malicious JavaScript code, potentially compromising their session and data integrity. Managed Cloud Standard customers operating any of the affected Sitecore versions could also be at risk. To mitigate this vulnerability, apply the relevant patches provided by Sitecore.
Affected Version(s)
Content Management System (CMS) 7.2 Initial Release <= 7.2 Update-6
Experience Platform 7.5 Initial Release <= 7.5 Update-2
Experience Platform 8.0 Initial Release <= 8.0 Update-7