CVE-2025-53692 HIGH

CVE-2025-53692: Sitecore Experience Platform Cross-Site Scripting Vulnerability

Vendor Sitecore
Product Sitecore Experience Manager (XM)
Weakness CWE-79 · XSS
Published September 21, 2025
Last update September 22, 2025
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-Site Scripting (XSS).This issue affects Sitecore Experience Manager (XM): from 9.2 through 10.4; Experience Platform (XP): from 9.2 through 10.4.

Key dates

02Disclosure timeline

September 21, 2025 CVE published
September 22, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10876 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting CVE-2024-5504 Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget CVE-2025-25136 WordPress Optimate Ads plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability CVE-2025-3814 Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter CVE-2024-26103 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)