CVE-2019-13493: XSS
First published: Wed Jul 17 2019(Updated: )
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sitecore | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Sitecore vulnerability?
The vulnerability ID for this Sitecore vulnerability is CVE-2019-13493.
What is the severity level of CVE-2019-13493?
The severity level of CVE-2019-13493 is medium with a CVSS score of 5.4.
What is the description of CVE-2019-13493?
CVE-2019-13493 is a Persistent XSS vulnerability in Sitecore 9.0 rev 171002, specifically in the Media Library and File Manager. An authenticated unprivileged user can inject arbitrary JavaScript by modifying the uploaded file extension parameter.
Which software version is affected by CVE-2019-13493?
CVE-2019-13493 affects Sitecore Experience Platform version 9.0.
Is there a solution or fix available?
Yes, it is recommended to apply the necessary patches or updates provided by Sitecore to fix CVE-2019-13493.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sitecore
- canonical/sitecore
- version/sitecore/9.0