CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 62.1%

The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities:
An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 (CVE-2017-9140)
An XSS vulnerability in Identity Server affects versions 10.0 through 11.0 (CVE-2018-17053, CVE-2018-17054)
An XSS vulnerability in Service Stack affects versions 10.2 through 11.0 (CVE-2018-17056)
An arbitrary file upload vulnerability affects versions 4.0 through 11.0 (CVE-2018-17055)
An arbitrary code execution vulnerability in Dynamic Linq Parser affects versions 4.0 through 11.0
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17056
insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process/
knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018
www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module