CVE-2017-11440 — CVSS 4.9 (medium): In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx…
CVE-2014-100004 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web…
CVE-2009-2163 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to…
CVE-2009-1055 — CVSS 4.0 (medium): Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security…