3 matches found
CVE-2017-18176
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...
CVE-2017-18176
Progress Sitefinity 9.1 is affected by a cross‑site scripting (XSS) vulnerability triggered by file uploads, where JavaScript in an HTML file shares origin with the app’s code. Details from multiple sources confirm the issue and that it is fixed in Sitefinity 10.1. The root cause is an XSS condit...
CVE-2017-18176
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1...