CVE-2019-13493
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 1.6%
from disclosure to weapon0 days
Published on NVDJul 17
1st PoCJul 11
exploitation probability
1.6%top 27% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/153613/Sitecore-9.0-Rev-171002-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47106unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.