Lucene search

CVE-2023-27636

🗓️ 16 Jun 2024 21:50:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

Progress Sitefinity version 14.0.0 XSS vulnerabilit

Reporter	Title	Published	Views	Family All 6
Cvelist	CVE-2023-27636	16 Jun 202400:00	–	cvelist
Exploit DB	Sitefinity 15.0 - Cross-Site Scripting (XSS)	3 Jun 202400:00	–	exploitdb
0day.today	Sitefinity 15.0 - Cross-Site Scripting Vulneraility	4 Jun 202400:00	–	zdt
Vulnrichment	CVE-2023-27636	16 Jun 202400:00	–	vulnrichment
NVD	CVE-2023-27636	16 Jun 202421:15	–	nvd
Packet Storm	Sitefinity 15.0 Cross Site Scripting	3 Jun 202400:00	–	packetstorm

Nvd

Node

progress sitefinityRange<15.0.0

Source	Link
exploit-db	www.exploit-db.com/exploits/52035
aldisaw	www.aldisaw.id/security/2024/06/03/CVE-2023-27636.html

Parameter	Position	Path	Description	CWE
content	request body	/sitefinity-cms/news	Authenticated users can inject XSS payloads via the content form in Sitefinity's SF Editor.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Jun 2024 21:15Current

6Medium risk

Vulners AI Score6

CVSS35.4

EPSS0.00094

SSVC

CWE-79