{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-4979", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-07-24T15:19:26.600Z", "datePublished": "2025-07-25T15:55:36.039Z", "dateUpdated": "2026-03-23T15:43:29.702Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Experience Platform", "vendor": "Sitecore", "versions": [{"lessThanOrEqual": "7.5 Update-2", "status": "affected", "version": "7.5 Initial Release", "versionType": "custom"}, {"lessThanOrEqual": "8.0 Update-7", "status": "affected", "version": "8.0 Initial Release", "versionType": "custom"}, {"lessThanOrEqual": "8.1 Update-3", "status": "affected", "version": "8.1 Initial Release", "versionType": "custom"}, {"lessThanOrEqual": "8.2 Update-7", "status": "affected", "version": "8.2 Initial Release", "versionType": "custom"}, {"lessThanOrEqual": "9.0 Update-2", "status": "affected", "version": "9.0 Initial Release", "versionType": "custom"}, {"lessThanOrEqual": "9.1 Update 1", "status": "affected", "version": "9.1 Initial Release", "versionType": "custom"}, {"status": "affected", "version": "9.2 Initial Release"}, {"status": "affected", "version": "9.3 Initial Release"}, {"lessThanOrEqual": "10.0 Update-3", "status": "affected", "version": "10.0 Initial Release", "versionType": "custom"}, {"lessThanOrEqual": "10.1 Update-2", "status": "affected", "version": "10.1 Initial Release", "versionType": "custom"}, {"status": "affected", "version": "10.2 Initial Release"}]}, {"defaultStatus": "unaffected", "product": "Content Mangement System (CMS)", "vendor": "Sitecore", "versions": [{"lessThanOrEqual": "7.2 Update-6", "status": "affected", "version": "7.2 Initial Release", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Managed Cloud", "vendor": "Sitecore", "versions": [{"status": "affected", "version": "*"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sitecore:experience_platform:7.5:*:*:*:*:*:*:*", "versionEndIncluding": "update2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:*:*:*:*:*:*:*", "versionEndIncluding": "update7", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:*:*:*:*:*:*:*", "versionEndIncluding": "update3", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:*:*:*:*:*:*:*", "versionEndIncluding": "update7", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.0:*:*:*:*:*:*:*", "versionEndIncluding": "update2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.1:*:*:*:*:*:*:*", "versionEndIncluding": "update1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.2:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.3:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:10:*:*:*:*:*:*:*", "versionEndIncluding": "update3", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:10.1:*:*:*:*:*:*:*", "versionEndIncluding": "update2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:10.2:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sitecore:cms:7.2:*:*:*:*:*:*:*", "versionEndIncluding": "update6", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow <span style=\"background-color: rgb(254, 254, 254);\">authenticated Sitecore Shell users to be tricked into executing custom JS code</span>. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.</p>"}], "value": "A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-23T15:43:29.702Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001489"}, {"tags": ["vendor-advisory", "patch"], "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001539"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss"}], "source": {"discovery": "UNKNOWN"}, "title": "Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS", "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-25T17:39:41.562664Z", "id": "CVE-2022-4979", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T17:43:58.975Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-4979", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-25T17:39:41.562664Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T17:39:53.725Z"}}], "cna": {"title": "Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sitecore", "product": "Experience Platform", "versions": [{"status": "affected", "version": "7.5 Initial Release", "versionType": "custom", "lessThanOrEqual": "7.5 Update-2"}, {"status": "affected", "version": "8.0 Initial Release", "versionType": "custom", "lessThanOrEqual": "8.0 Update-7"}, {"status": "affected", "version": "8.1 Initial Release", "versionType": "custom", "lessThanOrEqual": "8.1 Update-3"}, {"status": "affected", "version": "8.2 Initial Release", "versionType": "custom", "lessThanOrEqual": "8.2 Update-7"}, {"status": "affected", "version": "9.0 Initial Release", "versionType": "custom", "lessThanOrEqual": "9.0 Update-2"}, {"status": "affected", "version": "9.1 Initial Release", "versionType": "custom", "lessThanOrEqual": "9.1 Update 1"}, {"status": "affected", "version": "9.2 Initial Release"}, {"status": "affected", "version": "9.3 Initial Release"}, {"status": "affected", "version": "10.0 Initial Release", "versionType": "custom", "lessThanOrEqual": "10.0 Update-3"}, {"status": "affected", "version": "10.1 Initial Release", "versionType": "custom", "lessThanOrEqual": "10.1 Update-2"}, {"status": "affected", "version": "10.2 Initial Release"}], "defaultStatus": "unaffected"}, {"vendor": "Sitecore", "product": "Content Mangement System (CMS)", "versions": [{"status": "affected", "version": "7.2 Initial Release", "versionType": "custom", "lessThanOrEqual": "7.2 Update-6"}], "defaultStatus": "unaffected"}, {"vendor": "Sitecore", "product": "Managed Cloud", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001489", "tags": ["vendor-advisory", "patch"]}, {"url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001539", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.", "supportingMedia": [{"type": "text/html", "value": "<p>A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow <span style=\"background-color: rgb(254, 254, 254);\">authenticated Sitecore Shell users to be tricked into executing custom JS code</span>. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitecore:experience_platform:7.5:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:8.0:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update7", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:8.1:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update3", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:8.2:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update7", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.0:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.1:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.2:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:9.3:*:*:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:10:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update3", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:10.1:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:sitecore:experience_platform:10.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitecore:cms:7.2:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "update6", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitecore:managed_cloud:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-23T15:43:29.702Z"}}}, "cveMetadata": {"cveId": "CVE-2022-4979", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:43:29.702Z", "dateReserved": "2025-07-24T15:19:26.600Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-25T15:55:36.039Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (xss) en Sitecore Experience Platform (XP) 7.5-10.2 y CMS 7.2-7.2 Update-6 que podr\u00eda permitir que usuarios autenticados de Sitecore Shell sean enga\u00f1ados para ejecutar c\u00f3digo JS personalizado. Los clientes de Managed Cloud Standard que utilizan las versiones afectadas de Sitecore Experience Platform/CMS tambi\u00e9n se ven afectados."}], "id": "CVE-2022-4979", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-07-25T16:15:27.230", "references": [{"source": "disclosure@vulncheck.com", "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001489"}, {"source": "disclosure@vulncheck.com", "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001539"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/sitecore-xp-cms-managed-cloud-xss"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-07-31T10:21:32.735930+00:00", "updated": "2025-07-31T10:21:32.735984+00:00", "vendors": ["sitecore", "sitecore$PRODUCT$cms", "sitecore$PRODUCT$experience_platform", "sitecore$PRODUCT$managed_cloud", "sitecore$PRODUCT$sitecore"]}