135 matches found
Design/Logic Flaw
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout; the browser cookie is overwritten but remains valid on the server, allowing reuse of an active session to access the account even after credentials/permissions change. This is confirmed across multiple sources (NVD, Red ...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
Cross site scripting
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...
CVE-2018-17053
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...
CVE-2018-17053
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...
CVE-2018-17054
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...
Cross site scripting
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...
CVE-2018-17053
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054...
CVE-2018-17054
CVE-2018-17054 is an XSS vulnerability in Sitefinity’s Identity Server component affecting Sitefinity CMS versions 10.0–11.0. The issue enables remote attackers to inject arbitrary web script or HTML via login request parameters. Connected sources confirm the identity of the vulnerable component ...
CVE-2018-17054
Cross-site scripting XSS vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053...
CVE-2018-17053
CVE-2018-17053 involves a cross-site scripting (XSS) vulnerability in the Identity Server component of Progress Sitefinity CMS, affecting Version 10.0 through 11.0. The issue allows authenticated or remote attackers to inject arbitrary web script or HTML via login-request parameters, potentially ...
Progress Sitefinity CMS Cross-Site Scripting Vulnerability
Progress Sitefinity CMS is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or...
CVE-2018-17056
Cross-site scripting XSS vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-17056
Cross-site scripting XSS vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-17055
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads...
Design/Logic Flaw
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads...
Cross site scripting
Cross-site scripting XSS vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-17055
CVE-2018-17055 affects Progress Sitefinity CMS, versions 4.0 through 11.0. The issue is an arbitrary file upload vulnerability related to image uploads. The provided documents do not specify the exact attack vector, exploit details, or affected components beyond the image-upload context, nor do t...