PT-2025-30884 · Sitecore · Sitecore Experience Platform+1
Published: 2025-07-25 · Updated: 2025-07-25
CVE-2022-4979
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Sitecore Experience Platform (XP) versions 7.5 through 10.2
Sitecore CMS versions 7.2 through 7.2 Update-6
Description
A cross-site scripting (XSS) issue exists that may allow authenticated Sitecore Shell users to execute custom JavaScript code. This affects Managed Cloud Standard customers running the specified versions.
Recommendations
Sitecore Experience Platform (XP) versions prior to 7.5 are not affected.
Sitecore CMS versions prior to 7.2 are not affected.
Sitecore CMS version 7.2 Update-6 and earlier are affected.
Sitecore Experience Platform (XP) versions 7.5 through 10.2 are affected.
Sitecore CMS versions 7.2 through 7.2 Update-6 are affected.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Sitecore CMS
Sitecore Experience Platform