135 matches found
Code injection
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2023-29375
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector...
Progress Sitefinity 跨站脚本漏洞
Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity Series 13.3, versions prior to 13.3.7647, Series 14.0, versions prior to 14.0.7736, Series 14.1, versions prior to 14.1.7826, Series 14.2, versions...
CVE-2023-29375
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector...
Progress Sitefinity 代码问题漏洞
Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity Series 13.3, versions prior to 13.3.7647, Series 14.0, versions prior to 14.0.7736, Series 14.1, versions prior to 14.1.7826, Series 14.2, versions...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries...
CVE-2023-29375
Progress Sitefinity (versions 13.3 up to 13.3.7647, 14.0 up to 14.0.7736, 14.1 up to 14.1.7826, 14.2 up to 14.2.7930, and 14.3 up to 14.3.8025) is affected by a vulnerability allowing potentially dangerous file uploads via the SharePoint connector. The underlying issue is a file-upload risk expos...
CVE-2023-29376
Product affected: Progress Sitefinity (versions 13.3.x up to 13.3.7646; 14.0 up to 14.0.7735; 14.1 up to 14.1.7825; 14.2 up to 14.2.7929; 14.3 up to 14.3.8024).** Vulnerability: Cross-site scripting (XSS) by privileged users targeting media libraries.** CVE: CVE-2023-29376.** Root cause / impact ...
PT-2023-22232 · Progress · Progress Sitefinity
Name of the Vulnerable Software and Affected Versions: Progress Sitefinity versions 13.3 through 13.3.7646 Progress Sitefinity versions 14.0 through 14.0.7735 Progress Sitefinity versions 14.1 through 14.1.7825 Progress Sitefinity versions 14.2 through 14.2.7929 Progress Sitefinity versions 14.3...
Unspecified Vulnerability in Progress Sitefinity CMS
Progress Sitefinity is an open source platform for building corporate websites and intranets. A security vulnerability exists in Progress Sitefinity version 12.1, which stems from the program's use of a weak password recovery mechanism when retrieving passwords. The vulnerability can be exploited...
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
Default credentials
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
CVE-2019-17392
CVE-2019-17392 affects Progress Sitefinity 12.1. The issue is a weak password recovery mechanism caused by mishandling the HTTP Host header, enabling password reset abuse as described in multiple connected sources (NVD, Red Hat, CNVD, CVE records). The primary impact cited is exposure of credenti...
CVE-2017-18639
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
CVE-2017-18639
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
CVE-2017-18639
Progress Sitefinity CMS prior to version 10.1 is vulnerable to cross-site scripting (XSS) via multiple parameters: /Pages Page Title, /Content/News News Title, /Content/List List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Document Title, /Content/Images/LibraryImages/...
Progress Sitefinity Authorization Issues Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. An authorization issue vulnerability exists in Progress Sitefinity version 10.1.6536. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a web syste...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...