CVE-2025-53692

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://chudypb.github.io/
https://labs.watchtowr.com/disclosed-vulnerabilities/
https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003734

Configurations

No configuration.

History

21 Sep 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-21 20:15

Updated : 2025-09-22 21:23

NVD link : CVE-2025-53692

Mitre link : CVE-2025-53692

CVE.ORG link : CVE-2025-53692

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

7.1 /10