CVE-2020-36850 HIGH

CVE-2020-36850: Sitecore JSS React Sample Application 11.0.0 - 14.0.1 Information Disclosure

Vendor Sitecore

Product JSS React Sample Application

Weakness CWE-200 · Info exposure

Published July 25, 2025

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An information disclosure vulnerability exits in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user.

Key dates

02Disclosure timeline

July 25, 2025 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-36850

Related vulnerabilities

Identifiers

CVE CVE-2020-36850

CWE CWE-200

CVSS 8.7 / HIGH

Affected versions