CVE-2023-26262

Published: Mar 14, 2023Modified: Feb 27, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.

Affected (2)

Products: Sitecore: Experience Manager, Experience Platform

Sitecore

2 products

Experience Manager

Experience Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sitecore Experience Manager	Up to 10.3
Sitecore Experience Platform	Before 10.3

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/istern/CVE-2023-26262

Source: cve@mitre.org

ExploitMitigationThird Party Advisory

https://www.sitecore.com/trust

Source: cve@mitre.org

Vendor Advisory

https://github.com/istern/CVE-2023-26262

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party Advisory

https://www.sitecore.com/trust

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.