Cross-site Scripting Vulnerability in Sitecore Experience Platform and CMS
CVE-2022-4979
Key Information:
- Vendor: Sitecore
- CVE Published: 25 July 2025
What is CVE-2022-4979?
A cross-site scripting (XSS) vulnerability has been identified in the Sitecore Experience Platform (XP) versions 7.5 to 10.2 and CMS versions 7.2 to 7.2 Update-6. This flaw may allow authenticated users of Sitecore Shell to inadvertently execute malicious JavaScript code, potentially compromising their session and data integrity. Managed Cloud Standard customers operating any of the affected Sitecore versions could also be at risk. To mitigate this vulnerability, it is crucial for users to apply the relevant patches provided by Sitecore.

Affected Version(s)
Content Management System (CMS) 7.2 Initial Release <= 7.2 Update-6
Experience Platform 7.5 Initial Release <= 7.5 Update-2
Experience Platform 8.0 Initial Release <= 8.0 Update-7
References
CVSS V4
Timeline
Vulnerability published
Vulnerability Reserved
