CVE-2024-1636 Potential Cross-Site Scripting (XSS) in the page editing area

🗓️ 28 Feb 2024 12:05:23Reported by ProgressSoftwareType

Potential Cross-Site Scripting (XSS) in page editing area

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2024-1636	28 Feb 202413:26	–	circl
CNNVD	Progress Sitefinity Cross-Site Scripting Vulnerability	28 Feb 202400:00	–	cnnvd
CNNVD	Progress Sitefinity Security Breach	28 Feb 202400:00	–	cnnvd
CVE	CVE-2024-1636	28 Feb 202412:05	–	cve
EUVD	EUVD-2024-17371	3 Oct 202520:07	–	euvd
EUVD	EUVD-2024-17374	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1636	28 Feb 202412:15	–	nvd
OSV	CVE-2024-1632	28 Feb 202412:15	–	osv
OSV	CVE-2024-1636	28 Feb 202412:15	–	osv
Prion	Information disclosure	28 Feb 202412:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "product": "Sitefinity",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "13.3.7649",
        "status": "affected",
        "version": "13.3.7600",
        "versionType": "semver"
      },
      {
        "lessThan": "14.4.8135",
        "status": "affected",
        "version": "14.4.8100",
        "versionType": "semver"
      },
      {
        "lessThan": "15.0.8227",
        "status": "affected",
        "version": "15.0.8200",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
community	www.community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024
progress	www.progress.com/sitefinity-cms

28 Feb 2024 12:05Current

7.2High risk

Vulners AI Score7.2

CVSS 3.18

EPSS0.00066

CWE-79