CNNVD-202509-3201 Information
CNNVD ID
CNNVD-202509-3201
Related CVE
- CNNVD Published: 2025-09-21
Description (Chinese)
Sitecore Experience Platform(XP)和Sitecore Experience Manager(XM)都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager是一个管理软件。 Sitecore Experience Platform和Sitecore Experience Manager 9.2版本至10.4版本存在安全漏洞,该漏洞源于网页生成期间输入中和不当,可能导致跨站脚本攻击。
Description (English)
Sitecore Exchange Platform (XP) and Setecore Exchange Manager (XM) are products of the Danish company Sitecore. Sitecore Exchange Platform is a client digital experience platform. Site Exchange Manager is a management software. There is a security loophole between version 9.2 and version 10.4 of Sitecoré Exchange Platform and Setecoré Exchange Manager, which stems from the inaccuracy of input during webpage generation and may lead to cross-site script attacks.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Sitecore
Published
2025-09-21
Last Modified
2026-02-24
References
https://chudypb.github.io/ https://labs.watchtowr.com/disclosed-vulnerabilities/ https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734
Patch
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734
Share on: