Cross-site Scripting Vulnerability in Sitecore Experience Manager and Experience Platform
CVE-2025-53692
7.1 HIGH
What is CVE-2025-53692?
A vulnerability has been identified in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) that stems from improper neutralization of input during web page generation. This Cross-site Scripting (XSS) vulnerability can permit an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access to sensitive information or the execution of malicious actions. The issue affects specific versions within the range of 9.2 to 10.4 for both products, and users of those versions should act promptly to mitigate the risk.
Affected Version(s)
Experience Platform (XP) 9.2 <= 10.4
Sitecore Experience Manager (XM) 9.2 <= 10.4