Lucene search
K

135 matches found

Prion
Prion
added 2019/06/06 5:29 p.m.8 views

Design/Logic Flaw

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.4CVSS6.5AI score0.00926EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/06/06 5:29 p.m.3 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5CVSS6.6AI score0.00926EPSS
Exploits0References2
CVE
CVE
added 2019/06/06 4:4 p.m.142 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout; the browser cookie is overwritten but remains valid on the server, allowing reuse of an active session to access the account even after credentials/permissions change. This is confirmed across multiple sources (NVD, Red ...

6.5CVSS6.4AI score0.00926EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/06 4:4 p.m.16 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5AI score0.00926EPSS
Exploits0References2
Prion
Prion
added 2018/10/03 6:29 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...

4.3CVSS5.9AI score0.00836EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2018/10/03 6:29 p.m.5 views

CVE-2018-17053

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...

6.1CVSS5.9AI score0.00836EPSS
Exploits2References2
NVD
NVD
added 2018/10/03 6:29 p.m.23 views

CVE-2018-17053

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...

6.1CVSS6AI score0.00836EPSS
Exploits1References2
NVD
NVD
added 2018/10/03 6:29 p.m.18 views

CVE-2018-17054

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...

6.1CVSS6AI score0.00836EPSS
Exploits1References2
Prion
Prion
added 2018/10/03 6:29 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...

4.3CVSS5.9AI score0.00836EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2018/10/03 6:0 p.m.50 views

CVE-2018-17053

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...

6.2AI score0.00836EPSS
Exploits1References2
CVE
CVE
added 2018/10/03 6:0 p.m.48 views

CVE-2018-17054

CVE-2018-17054 is an XSS vulnerability in Sitefinity’s Identity Server component affecting Sitefinity CMS versions 10.0–11.0. The issue enables remote attackers to inject arbitrary web script or HTML via login request parameters. Connected sources confirm the identity of the vulnerable component ...

6.1CVSS6AI score0.00836EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/10/03 6:0 p.m.20 views

CVE-2018-17054

Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...

6.2AI score0.00836EPSS
Exploits1References2
CVE
CVE
added 2018/10/03 6:0 p.m.45 views

CVE-2018-17053

CVE-2018-17053 involves a cross-site scripting (XSS) vulnerability in the Identity Server component of Progress Sitefinity CMS, affecting Version 10.0 through 11.0. The issue allows authenticated or remote attackers to inject arbitrary web script or HTML via login-request parameters, potentially ...

6.1CVSS6AI score0.00836EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/09/29 12:0 a.m.3 views

Progress Sitefinity CMS Cross-Site Scripting Vulnerability

Progress Sitefinity CMS is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or...

6.1CVSS6.3AI score0.00819EPSS
Exploits1References1
OSV
OSV
added 2018/09/28 12:29 a.m.2 views

CVE-2018-17056

Cross-site scripting XSS vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.00819EPSS
Exploits1References2
NVD
NVD
added 2018/09/28 12:29 a.m.22 views

CVE-2018-17056

Cross-site scripting XSS vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.00819EPSS
Exploits1References2
NVD
NVD
added 2018/09/28 12:29 a.m.16 views

CVE-2018-17055

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads...

7.5CVSS7.5AI score0.00967EPSS
Exploits1References2
Prion
Prion
added 2018/09/28 12:29 a.m.10 views

Design/Logic Flaw

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads...

5CVSS7.5AI score0.00967EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/09/28 12:29 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.00819EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/09/28 12:0 a.m.57 views

CVE-2018-17055

CVE-2018-17055 affects Progress Sitefinity CMS, versions 4.0 through 11.0. The issue is an arbitrary file upload vulnerability related to image uploads. The provided documents do not specify the exact attack vector, exploit details, or affected components beyond the image-upload context, nor do t...

7.5CVSS7.3AI score0.00967EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder