CVE-2023-26262

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
sitecoreexperience_manager
𝑥
≤ 10.3
sitecoreexperience_platform
𝑥
< 10.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/istern/CVE-2023-26262
https://www.sitecore.com/trust
https://github.com/istern/CVE-2023-26262
https://www.sitecore.com/trust