Experience platform

This hub aggregates every CVE we track for Experience platform, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Experience platform.

• CVE-2025-53690Sitecore Products ViewState Deserialization VulnerabilityKEV9.0Sep 3, 2025
• CVE-2025-53691Sitecore Experience Remote Code Execution through Insecure Deserialization8.8Sep 3, 2025
• CVE-2025-53693HTML Cache Poisoning through Unsafe Reflections9.8Sep 3, 2025
• CVE-2025-53694Information Disclosure in ItemServices API7.5Sep 3, 2025
• CVE-2025-34511Sitecore PowerShell Extension RCE via Unrestricted Upload8.8Jun 17, 2025
• CVE-2025-34510Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip8.8Jun 17, 2025
• CVE-2025-34509Sitecore XM and XP Hardcoded Credentials7.5Jun 17, 2025
• CVE-2024-46938An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can...7.5Sep 15, 2024
• CVE-2023-35813Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.9.8Jun 17, 2023
• CVE-2023-33653Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /Applications/Content%20Manager/Execute.aspx?cmd=conver...8.8Jun 6, 2023
• CVE-2023-33652Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx.8.8Jun 6, 2023
• CVE-2023-33651An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to by...7.5Jun 6, 2023
• CVE-2023-27068Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.9.8May 23, 2023
• CVE-2023-27067Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx7.5May 22, 2023
• CVE-2023-27066Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.6.5May 22, 2023