CVE-2024-1636

🗓️ 28 Feb 2024 12:05:23Reported by ProgressSoftwareType

Potential Cross-Site Scripting (XSS) in page editing area. NV

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2024-1636	28 Feb 202413:26	–	circl
CNNVD	Progress Sitefinity Cross-Site Scripting Vulnerability	28 Feb 202400:00	–	cnnvd
CNNVD	Progress Sitefinity Security Breach	28 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-1636 Potential Cross-Site Scripting (XSS) in the page editing area	28 Feb 202412:05	–	cvelist
EUVD	EUVD-2024-17371	3 Oct 202520:07	–	euvd
EUVD	EUVD-2024-17374	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1636	28 Feb 202412:15	–	nvd
OSV	CVE-2024-1632	28 Feb 202412:15	–	osv
OSV	CVE-2024-1636	28 Feb 202412:15	–	osv
Prion	Information disclosure	28 Feb 202412:15	–	prion

NVD

Node

progress sitefinityRange<13.3.7649

progress sitefinityRange14.0–14.4.8135

progress sitefinityRange15.0.8200–15.0.8227

[
  {
    "defaultStatus": "unaffected",
    "product": "Sitefinity",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "13.3.7649",
        "status": "affected",
        "version": "13.3.7600",
        "versionType": "semver"
      },
      {
        "lessThan": "14.4.8135",
        "status": "affected",
        "version": "14.4.8100",
        "versionType": "semver"
      },
      {
        "lessThan": "15.0.8227",
        "status": "affected",
        "version": "15.0.8200",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
community	www.community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024
progress	www.progress.com/sitefinity-cms

16 Dec 2024 21:05Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.15.4 - 8

EPSS0.00066

SSVC

CWE-79