CVE-2022-4979
Sitecore XP 7.5 - 10.2, CMS 7.2, and Managed Cloud XSS
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A cross-site scripting (XSS) vulnerability exists in Sitecore Experience Platform (XP) 7.5 - 10.2 and CMS 7.2 - 7.2 Update-6 that may allow authenticated Sitecore Shell users to be tricked into executing custom JS code. Managed Cloud Standard customers who run the affected Sitecore Experience Platform / CMS versions are also affected.
| CWE | CWE-79 |
| Vendor | sitecore |
| Product | experience platform |
| Published | Jul 25, 2025 |
| Last Updated | Mar 23, 2026 |
Affected Versions
Sitecore / Experience Platform
7.5 Initial Release ≤ 7.5 Update-2
8.0 Initial Release ≤ 8.0 Update-7
8.1 Initial Release ≤ 8.1 Update-3
8.2 Initial Release ≤ 8.2 Update-7
9.0 Initial Release ≤ 9.0 Update-2
9.1 Initial Release ≤ 9.1 Update 1
9.2 Initial Release
9.3 Initial Release
10.0 Initial Release ≤ 10.0 Update-3
10.1 Initial Release ≤ 10.1 Update-2
10.2 Initial Release
Sitecore / Content Management System (CMS)
7.2 Initial Release ≤ 7.2 Update-6
Sitecore / Managed Cloud
*