CVE-2023-35813: 
Sitecore Experience Platform (XP) vulnerability analysis and mitigation

Multiple Sitecore products were found to be vulnerable to remote code execution (CVE-2023-35813). The vulnerability affects Sitecore Experience Manager, Experience Platform, and Experience Commerce versions 8.2 through 10.3. The vulnerability was disclosed on June 17, 2023, and has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) (NVD).

The vulnerability is characterized by insufficient sanitizing of user-supplied inputs in the application, which could allow remote code execution within the context of the application. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD, FortiGuard).

The vulnerability poses a severe risk as successful exploitation could lead to system compromise, allowing remote attackers to gain control of vulnerable systems. The high severity rating indicates potential for complete compromise of system confidentiality, integrity, and availability (FortiGuard).

Organizations are advised to apply the latest upgrades or patches available from Sitecore. A security patch has been released and is available through the vendor's support portal (Sitecore KB).