CVE-2017-11439

Name of the Vulnerable Software and Affected Versions Sitecore version 8.2

Description The issue is related to reflected XSS in the shell/Applications/Tools/Run Program parameter. This means that an attacker could potentially inject malicious code into the parameter, which would then be executed by the application.

Recommendations For Sitecore version 8.2, consider restricting access to the shell/Applications/Tools/Run Program parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the Run Program parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.