CVE-2022-4979 (GCVE-0-2022-4979)
Vulnerability from cvelistv5 – Published: 2025-07-25 15:55 – Updated: 2025-11-21 16:05
VLAI?
Summary
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sitecore | Experience Platform |
Affected:
7.5 Initial Release , ≤ 7.5 Update-2
(custom)
Affected: 8.0 Initial Release , ≤ 8.0 Update-7 (custom) Affected: 8.1 Initial Release , ≤ 8.1 Update-3 (custom) Affected: 8.2 Initial Release , ≤ 8.2 Update-7 (custom) Affected: 9.0 Initial Release , ≤ 9.0 Update-2 (custom) Affected: 9.1 Initial Release , ≤ 9.1 Update 1 (custom) Affected: 9.2 Initial Release Affected: 9.3 Initial Release Affected: 10.0 Initial Release , ≤ 10.0 Update-3 (custom) Affected: 10.1 Initial Release , ≤ 10.1 Update-2 (custom) Affected: 10.2 Initial Release |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T17:39:41.562664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T17:43:58.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Experience Platform",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "7.5 Update-2",
"status": "affected",
"version": "7.5 Initial Release",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.0 Update-7",
"status": "affected",
"version": "8.0 Initial Release",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.1 Update-3",
"status": "affected",
"version": "8.1 Initial Release",
"versionType": "custom"
},
{
"lessThanOrEqual": "8.2 Update-7",
"status": "affected",
"version": "8.2 Initial Release",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.0 Update-2",
"status": "affected",
"version": "9.0 Initial Release",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.1 Update 1",
"status": "affected",
"version": "9.1 Initial Release",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.2 Initial Release"
},
{
"status": "affected",
"version": "9.3 Initial Release"
},
{
"lessThanOrEqual": "10.0 Update-3",
"status": "affected",
"version": "10.0 Initial Release",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.1 Update-2",
"status": "affected",
"version": "10.1 Initial Release",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.2 Initial Release"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Content Mangement System (CMS)",
"vendor": "Sitecore",
"versions": [
{
"lessThanOrEqual": "7.2 Update-6",
"status": "affected",
"version": "7.2 Initial Release",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Managed Cloud",
"vendor": "Sitecore",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:7.5:*:*:*:*:*:*:*",
"versionEndIncluding": "update2",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:*:*:*:*:*:*:*",
"versionEndIncluding": "update7",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:*:*:*:*:*:*:*",
"versionEndIncluding": "update3",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:*:*:*:*:*:*:*",
"versionEndIncluding": "update7",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:9.0:*:*:*:*:*:*:*",
"versionEndIncluding": "update2",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:9.1:*:*:*:*:*:*:*",
"versionEndIncluding": "update1",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:9.2:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:9.3:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:10:*:*:*:*:*:*:*",
"versionEndIncluding": "update3",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:10.1:*:*:*:*:*:*:*",
"versionEndIncluding": "update2",
"versionStartIncluding": "*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sitecore:experience_platform:10.2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitecore:cms:7.2:*:*:*:*:*:*:*",
"versionEndIncluding": "update6",
"versionStartIncluding": "*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow \u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eauthenticated Sitecore Shell users to be tricked into executing custom JS code\u003c/span\u003e. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.\u003c/p\u003e"
}
],
"value": "A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:05:35.685Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1001489"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1001539"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2022-4979",
"datePublished": "2025-07-25T15:55:36.039Z",
"dateReserved": "2025-07-24T15:19:26.600Z",
"dateUpdated": "2025-11-21T16:05:35.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-4979\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-07-25T16:15:27.230\",\"lastModified\":\"2025-07-29T14:14:55.157\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de cross-site scripting (xss) en Sitecore Experience Platform (XP) 7.5-10.2 y CMS 7.2-7.2 Update-6 que podr\u00eda permitir que usuarios autenticados de Sitecore Shell sean enga\u00f1ados para ejecutar c\u00f3digo JS personalizado. Los clientes de Managed Cloud Standard que utilizan las versiones afectadas de Sitecore Experience Platform/CMS tambi\u00e9n se ven afectados.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1001489\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1001539\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss\",\"source\":\"disclosure@vulncheck.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-4979\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-25T17:39:41.562664Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-25T17:39:53.725Z\"}}], \"cna\": {\"title\": \"Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Sitecore\", \"product\": \"Experience Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.5 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.5 Update-2\"}, {\"status\": \"affected\", \"version\": \"8.0 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0 Update-7\"}, {\"status\": \"affected\", \"version\": \"8.1 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.1 Update-3\"}, {\"status\": \"affected\", \"version\": \"8.2 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.2 Update-7\"}, {\"status\": \"affected\", \"version\": \"9.0 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.0 Update-2\"}, {\"status\": \"affected\", \"version\": \"9.1 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.1 Update 1\"}, {\"status\": \"affected\", \"version\": \"9.2 Initial Release\"}, {\"status\": \"affected\", \"version\": \"9.3 Initial Release\"}, {\"status\": \"affected\", \"version\": \"10.0 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.0 Update-3\"}, {\"status\": \"affected\", \"version\": \"10.1 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"10.1 Update-2\"}, {\"status\": \"affected\", \"version\": \"10.2 Initial Release\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Sitecore\", \"product\": \"Content Mangement System (CMS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2 Initial Release\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.2 Update-6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Sitecore\", \"product\": \"Managed Cloud\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1001489\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1001539\", \"tags\": [\"vendor-advisory\", \"patch\"]}, {\"url\": \"https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow \u003cspan style=\\\"background-color: rgb(254, 254, 254);\\\"\u003eauthenticated Sitecore Shell users to be tricked into executing custom JS code\u003c/span\u003e. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:7.5:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update2\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:8.0:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update7\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:8.1:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update3\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:8.2:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update7\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:9.0:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update2\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:9.1:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update1\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:9.2:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:9.3:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:10:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update3\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:10.1:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update2\", \"versionStartIncluding\": \"*\"}, {\"criteria\": \"cpe:2.3:a:sitecore:experience_platform:10.2:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:sitecore:cms:7.2:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"update6\", \"versionStartIncluding\": \"*\"}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-11-21T16:05:35.685Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-4979\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-21T16:05:35.685Z\", \"dateReserved\": \"2025-07-24T15:19:26.600Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-07-25T15:55:36.039Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…