CNNVD-202509-343 Information
CNNVD ID
CNNVD-202509-343
Related CVE
-
CNNVD Published: 2025-09-03
Description
Sitecore Experience Manager (XM) is a management software product from the Danish company Sitecore. Sitecore Experience Manager versions 9.0 through 9.3 and 10.0 through 10.4, and Sitecore Experience Platform versions 9.0 through 9.3 and 10.0 through 10.4, contain a security vulnerability that stems from the use of externally controlled input to select classes or code, which may lead to cache poisoning.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Sitecore
Published
2025-09-03
Last Modified
2026-02-24
References
https://labs.watchtowr.com/cache-me-if-you-can-sitecore-experience-platform-cache-poisoning-to-rce/
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667
Patch
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003667