CVE-2023-35813

CRITICAL EXPLOITED NUCLEI

Sitecore Experience Commerce < 10.3 - Code Injection

Title source: rule

Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.

nomisec WORKING POC 8 stars

by aalexpereira · remote

nomisec WORKING POC 5 stars

by BagheeraAltered · remote

nomisec SCANNER 3 stars

by her3ticAVI · infoleak

nomisec WORKING POC

by Rezy-Dev · remote

Sitecore - Remote Code Execution

CRITICALby DhiyaneshDk,iamnoooob

Shodan: title:"Sitecore" || http.title:"sitecore"

FOFA: title="sitecore"

CVSS v3 9.8

EPSS 0.9352

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

VulnCheck KEV 2024-01-22

CWE

CWE-94

Status published

Products (4)

sitecore/experience_commerce 8.2 - 10.3

sitecore/experience_manager 8.2 - 10.3

sitecore/experience_platform 8.2 - 10.3

sitecore/managed_cloud 8.2 - 10.3

Published Jun 17, 2023

Tracked Since Feb 18, 2026