Lucene search
K

135 matches found

Prion
Prion
added 2023/04/10 3:15 p.m.32 views

Code injection

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

4.9CVSS5.2AI score0.00414EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/10 12:0 a.m.19 views

CVE-2023-29375

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector...

9.7AI score0.00797EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.7 views

Progress Sitefinity 跨站脚本漏洞

Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity Series 13.3, versions prior to 13.3.7647, Series 14.0, versions prior to 14.0.7736, Series 14.1, versions prior to 14.1.7826, Series 14.2, versions...

5.4CVSS5.6AI score0.00414EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/10 12:0 a.m.8 views

CVE-2023-29375

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector...

9.6AI score0.00797EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/10 12:0 a.m.4 views

Progress Sitefinity 代码问题漏洞

Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity Series 13.3, versions prior to 13.3.7647, Series 14.0, versions prior to 14.0.7736, Series 14.1, versions prior to 14.1.7826, Series 14.2, versions...

9.8CVSS8.4AI score0.00797EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/10 12:0 a.m.7 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

5.2AI score0.00414EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/10 12:0 a.m.22 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...

5.4AI score0.00414EPSS
Exploits0References2
CVE
CVE
added 2023/04/10 12:0 a.m.45 views

CVE-2023-29375

Progress Sitefinity (versions 13.3 up to 13.3.7647, 14.0 up to 14.0.7736, 14.1 up to 14.1.7826, 14.2 up to 14.2.7930, and 14.3 up to 14.3.8025) is affected by a vulnerability allowing potentially dangerous file uploads via the SharePoint connector. The underlying issue is a file-upload risk expos...

9.8CVSS9.4AI score0.00797EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/10 12:0 a.m.59 views

CVE-2023-29376

Product affected: Progress Sitefinity (versions 13.3.x up to 13.3.7646; 14.0 up to 14.0.7735; 14.1 up to 14.1.7825; 14.2 up to 14.2.7929; 14.3 up to 14.3.8024).** Vulnerability: Cross-site scripting (XSS) by privileged users targeting media libraries.** CVE: CVE-2023-29376.** Root cause / impact ...

5.4CVSS5.1AI score0.00414EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-22232 · Progress · Progress Sitefinity

Name of the Vulnerable Software and Affected Versions: Progress Sitefinity versions 13.3 through 13.3.7646 Progress Sitefinity versions 14.0 through 14.0.7735 Progress Sitefinity versions 14.1 through 14.1.7825 Progress Sitefinity versions 14.2 through 14.2.7929 Progress Sitefinity versions 14.3...

9.8CVSS7.3AI score0.00797EPSS
Exploits0References7
CNVD
CNVD
added 2019/11/27 12:0 a.m.3 views

Unspecified Vulnerability in Progress Sitefinity CMS

Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 12.1, which stems from the program's use of a weak password recovery mechanism when retrieving passwords. The vulnerability can be exploited...

9.8CVSS7AI score0.01089EPSS
Exploits0References1
NVD
NVD
added 2019/11/26 6:15 p.m.21 views

CVE-2019-17392

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

9.8CVSS9.5AI score0.01089EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 6:15 p.m.5 views

CVE-2019-17392

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

9.8CVSS7.3AI score0.01089EPSS
Exploits0References1
Prion
Prion
added 2019/11/26 6:15 p.m.19 views

Default credentials

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

7.5CVSS9.4AI score0.01089EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/26 5:30 p.m.75 views

CVE-2019-17392

CVE-2019-17392 affects Progress Sitefinity 12.1. The issue is a weak password recovery mechanism caused by mishandling the HTTP Host header, enabling password reset abuse as described in multiple connected sources (NVD, Red Hat, CNVD, CVE records). The primary impact cited is exposure of credenti...

9.8CVSS9.3AI score0.01089EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/11/06 4:15 p.m.24 views

CVE-2017-18639

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

6.1CVSS6AI score0.00894EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/11/06 3:7 p.m.34 views

CVE-2017-18639

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

6AI score0.00894EPSS
Exploits1References1
CVE
CVE
added 2019/11/06 3:7 p.m.42 views

CVE-2017-18639

Progress Sitefinity CMS prior to version 10.1 is vulnerable to cross-site scripting (XSS) via multiple parameters: /Pages Page Title, /Content/News News Title, /Content/List List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Document Title, /Content/Images/LibraryImages/...

6.1CVSS5.9AI score0.00894EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/06/11 12:0 a.m.3 views

Progress Sitefinity Authorization Issues Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets. An authorization issue vulnerability exists in Progress Sitefinity version 10.1.6536. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a web syste...

6.5CVSS7AI score0.00926EPSS
Exploits0References1
OSV
OSV
added 2019/06/06 5:29 p.m.4 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5CVSS6.6AI score0.00926EPSS
Exploits0References2
Rows per page
Query Builder