PT-2023-24434 · Sitecore · Sitecore Experience Platform

Dylan Pindur · Published 2023-06-06 · Updated 2025-01-08 · CVE-2023-33653

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Sitecore Experience Platform (XP) version 9.3

Description
The issue is related to an authenticated remote code execution via the /Applications/Content Manager/Execute.aspx component, specifically when the cmd parameter is set to convert and the mode parameter is set to HTML.

Recommendations
For Sitecore Experience Platform (XP) version 9.3, consider restricting access to the /Applications/Content Manager/Execute.aspx endpoint to minimize the risk of exploitation. Avoid using the cmd parameter with the convert value and the mode parameter with the HTML value in the Execute.aspx endpoint until the issue is resolved.
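
To check whether the endpoint is being called with the parameter combination named above, the following added example (not part of the advisory or of Sitecore) scans IIS W3C logs for such requests. The log field layout, the suffix match on the path and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs, unquote_plus

# Path as written in the advisory, matched as a suffix (deployment prefix is an assumption).
ENDPOINT = "/applications/content manager/execute.aspx"

def is_flagged(uri_stem, uri_query):
    """True for Execute.aspx requests carrying cmd=convert and mode=HTML."""
    # IIS logs a space in the path as '+'; proxies may log '%20'. Normalise both.
    path = unquote_plus(uri_stem).lower().rstrip("/")
    if not path.endswith(ENDPOINT):
        return False
    params = defaultdict(list)
    query = "" if uri_query == "-" else uri_query
    for key, vals in parse_qs(query, keep_blank_values=True).items():
        # Keys and values are compared case-insensitively so case variants are not missed.
        params[key.lower()] += [v.strip().lower() for v in vals]
    return "convert" in params["cmd"] and "html" in params["mode"]

def scan(lines):
    """Return (date, time, c-ip, cs-username) for each flagged W3C log line."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            if is_flagged(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-")):
                hits.append(tuple(row.get(f) for f in ("date", "time", "c-ip", "cs-username")))
    return hits

# Constructed sample log (not real traffic); "mode=other" is a made-up non-matching value.
SAMPLE = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2023-06-07 10:01:02 192.0.2.10 editor1 GET /Applications/Content+Manager/Execute.aspx cmd=convert&mode=HTML 200
2023-06-07 10:01:05 192.0.2.10 editor1 POST /applications/content%20manager/execute.aspx Mode=html&CMD=Convert 200
2023-06-07 10:02:00 192.0.2.11 editor2 GET /Applications/Content+Manager/Execute.aspx cmd=convert&mode=other 200
2023-06-07 10:03:00 192.0.2.12 - GET /default.aspx - 200
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE.splitlines()):
        print(hit)
```

Any hit from an account or source address that has no business using the Content Manager is worth reviewing alongside the access restriction recommended above.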


Related identifiers

CVE-2023-33653

Affected products

Sitecore Experience Platform