Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HSitecore Experience Platform
APPSitecore9.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
Related vulnerabilities
CVE-2025-53690CRITICAL9.0⚠ KEVPL ✓ten sam produkt
Krótki tytuł podatności po polsku (max 80 znaków)
CVE-2021-42237CRITICAL9.8⚠ KEVten sam produkt
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attac...
CVE-2019-9874CRITICAL9.8⚠ KEVten sam produkt
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0...
CVE-2025-53693CRITICAL9.8PL ✓ten sam produkt
Unsafe Reflection umożliwiający Cache Poisoning w Sitecore XM/XP
CVE-2023-35813CRITICAL9.8ten sam produkt
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, ...