6 matches found
Sitefinity 7.0.x < 7.0.5140.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity 11.x < 11.0.6702.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity < 6.0.4230.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity 8.1.x < 8.1.5860.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity 7.3.x < 7.3.5690.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
CVE-2018-17056
CVE-2018-17056 is an XSS vulnerability in ServiceStack used by Progress Sitefinity CMS. Connected sources confirm affected product/version range: Sitefinity 10.2.x through 11.0.x, with the underlying issue in the ServiceStack component enabling remote script/HTML injection via unspecified vectors...