📦

crm

Vendor: sitecore

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 36 Total Indexed

Avg. EPSS 1.18% Exploit Prob.

Latest CVE CVE-2019-15950 Sep 16

Security Vulnerability Index

Page 1 / 4

6.1 CVSS

CVE-2019-15950

The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data.

EPSS: 0.89%

Severity: MEDIUM

Sep 16, 2019

4.9 CVSS

CVE-2017-5966

Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.

EPSS: 1.60%

Severity: MEDIUM

May 23, 2017

6.7 CVSS

CVE-2017-5965

The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.

EPSS: 1.05%

Severity: MEDIUM

May 23, 2017

Displaying 3 of 36 Total Entries

1 2 3 4

Total 4 Sections