CVE-2023-26262

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.

CVSS v3.0 7.2 HIGH

7.2^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/istern/CVE-2023-26262	Exploit Mitigation Third Party Advisory
https://github.com/istern/CVE-2023-26262	Exploit Mitigation Third Party Advisory
https://www.sitecore.com/trust	Vendor Advisory
https://www.sitecore.com/trust	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sitecore:experience_manager::::::::
	cpe:2.3:a:sitecore:experience_platform::::::::

History

27 Feb 2025, 21:15

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/istern/CVE-2023-26262 - Exploit, Mitigation, Third Party Advisory~~	() https://github.com/istern/CVE-2023-26262 - Exploit, Mitigation, Third Party Advisory
References	~~(MISC) https://www.sitecore.com/trust - Vendor Advisory~~	() https://www.sitecore.com/trust - Vendor Advisory

10 Apr 2023, 17:39

Type	Values Removed	Values Added
CPE	cpe:2.3:a:sitecore:experience_manager:10.3:::::::* cpe:2.3:a:sitecore:experience_platform:10.3:::::::*	cpe:2.3:a:sitecore:experience_platform:::::::: cpe:2.3:a:sitecore:experience_manager::::::::

Information

Published : 2023-03-14 21:15

Updated : 2025-02-27 21:15

NVD link : CVE-2023-26262

Mitre link : CVE-2023-26262

JSON object : View

Products Affected

sitecore

experience_platform
experience_manager

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

7.2 /10