CVE-2009-2163

Sitecore CMS < 6.0.2 - Cross-Site Scripting via sc_error Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2163. PoCs published by intern0t.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Sitecore CMS 6.0.0 rev. 090120, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by intern0t · textwebappsphp
https://www.exploit-db.com/exploits/34930

The provided text describes a cross-site scripting (XSS) vulnerability in Sitecore CMS 6.0.0 rev. 090120, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Sitecore CMS 6.0.0 rev. 090120
No auth needed
Prerequisites: Access to the vulnerable URL parameter
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504093/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504132/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35353

Scores

EPSS 0.0299
EPSS Percentile 85.6%

Details

CWE
CWE-79
Status published
Products (4)
sitecore/cms 5.3.0
sitecore/cms 5.3.1
sitecore/cms 6.0.1
sitecore/cms < 6.0.2
Published Jun 22, 2009
Tracked Since Feb 18, 2026