Deserialization of Untrusted Data in Sitecore Experience...
Critical severity
Unreviewed
Published
May 23, 2023
to the GitHub Advisory Database
•
Updated Apr 11, 2024
Description
Published by the National Vulnerability Database
May 23, 2023
Published to the GitHub Advisory Database
May 23, 2023
Last updated
Apr 11, 2024
Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.
References