Sitecore Experience Platform and CMS Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Sitecore Experience Platform (XP) versions 7.5 through 10.2, as well as in Sitecore CMS versions 7.2 prior to 7.2 Update-6. This vulnerability may allow authenticated users of Sitecore Shell to be manipulated into executing custom JavaScript code. Additionally, customers using Sitecore Managed Cloud Standard with the affected versions of XP or CMS are also vulnerable.

Impact

Exploitation of this vulnerability allows for cross-site scripting: an attacker can inject malicious script that is executed in the context of the victim's browser, in this case an authenticated Sitecore Shell user.

Remediation

To address this vulnerability, Sitecore users should apply the available hotfixes for their specific version. Instructions for downloading and installing these hotfixes can be found in the Sitecore Knowledge Base articles KB1001419, KB1001420, KB1001553, KB1001551, KB1001300, KB1001439, and KB1001489. For Sitecore CMS 7.2 and Sitecore XP 7.5, the patch 'Sitecore.Support.500712-8.1.3.0.zip' can be applied.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread          5.2
impact          1.0
exploitability  5.2
remediation     7.7
relevance       0.3
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.