CVE-2022-4979— Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS

Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS

A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Sitecore Experience Platform（XP）和Sitecore Experience Manager（XM） 安全漏洞

Sitecore Experience Platform（XP）和Sitecore Experience Manager（XM）都是丹麦Sitecore公司的产品。Sitecore Experience Platform是一套客户数字体验平台。Sitecore Experience Manager是一个管理软件。 Sitecore Experience Platform（XP）和Sitecore Experience Manager（XM）存在安全漏洞，该漏洞源于跨站脚本，可能导致执行自定义JS代码。

N/A

N/A