CNNVD-202507-3280 Information
CNNVD ID
CNNVD-202507-3280
Related CVE
- CNNVD Published: 2025-07-25
Description (Chinese)
Sitecore Experience Platform(XP)和Sitecore Experience Manager(XM)都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager是一个管理软件。 Sitecore Experience Platform(XP)和Sitecore Experience Manager(XM)存在安全漏洞,该漏洞源于跨站脚本,可能导致执行自定义JS代码。
Description (English)
Sitecore Exchange Platform (XP) and Setecore Exchange Manager (XM) are products of the Danish company Sitecore. Sitecore Exchange Platform is a client digital experience platform. Site Exchange Manager is a management software. There is a security loophole in Sitecore Exchange Platform (XP) and Setecore Exchange Manager (XM), which originates from a cross-site script and may lead to the implementation of a custom JS code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Sitecore
Published
2025-07-25
Last Modified
2026-02-24
References
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001489 https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001539 https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss https://access.redhat.com/security/cve/cve-2022-4979
Patch
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001489
Share on: