Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.