Design/Logic Flaw

2018-02-1214:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

34.6%

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.

CPENameOperatorVersion
sitefinityeq9.1

CPE	Name	Operator	Version
	sitefinity	eq	9.1

References

packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html

www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html

0.001 Low

EPSS

Percentile

34.6%

Related for PRION:CVE-2017-18177