← back
CVE-2019-13493

CVE-2019-13493

23Vexday Risk Score

No sign of exploitation. It has a public proof of concept.

ssvc Attendepss 1.6%
from disclosure to weapon0 days
Published on NVDJul 17
1st PoCJul 11
exploitation probability
1.6%top 27% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.