CVE-2019-13493

MEDIUM

Sitecore Experience Platform - XSS

Title source: rule

Description

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.

Exploits (1)

exploitdb WORKING POC
by Owais Mehtab · text · webapps · aspx
https://www.exploit-db.com/exploits/47106

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 40.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
sitecore/experience_platform 9.0
Published Jul 17, 2019
Tracked Since Feb 18, 2026