Cross-site Scripting Vulnerability in Sitecore Experience Platform and CMS
CVE-2022-4979

5.1MEDIUM

What is CVE-2022-4979?

A cross-site scripting (XSS) vulnerability has been identified in the Sitecore Experience Platform (XP) versions 7.5 to 10.2 and CMS versions 7.2 to 7.2 Update-6. This flaw may allow authenticated users of Sitecore Shell to inadvertently execute malicious JavaScript code, potentially compromising their session and data integrity. Managed Cloud Standard customers operating any of the affected Sitecore versions could also be at risk. To mitigate this vulnerability, it is crucial for users to apply the relevant patches provided by Sitecore.

Affected Version(s)

Content Mangement System (CMS) 7.2 Initial Release <= 7.2 Update-6

Experience Platform 7.5 Initial Release <= 7.5 Update-2

Experience Platform 8.0 Initial Release <= 8.0 Update-7

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-4979 : Cross-site Scripting Vulnerability in Sitecore Experience Platform and CMS