Progress Sitefinity CMS Cross-Site Scripting Vulnerability
Progress Sitefinity CMS is an open source platform for building corporate websites and intranets. A cross-site scripting vulnerability exists in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or...
CVE-2018-17056
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-17055
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...
Design/Logic Flaw
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads...
CVE-2018-14037
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...
CVE-2018-14037
CVE-2018-14037 is a cross-site scripting vulnerability in Progress Kendo UI Editor v2018.1.221. The issue arises from the editorNS.Serializer toEditableHtml function in kendo.all.min.js, enabling an attacker to inject arbitrary JavaScript into the editor’s DOM. If a victim loads the editor, the p...
CVE-2018-17056
CVE-2018-17056 is an XSS vulnerability in ServiceStack used by Progress Sitefinity CMS. Connected sources confirm affected product/version range: Sitefinity 10.2.x through 11.0.x, with the underlying issue in the ServiceStack component enabling remote script/HTML injection via unspecified vectors...
CVE-2018-17055
CVE-2018-17055 affects Progress Sitefinity CMS, versions 4.0 through 11.0. The issue is an arbitrary file upload vulnerability related to image uploads. The provided documents do not specify the exact attack vector, exploit details, or affected components beyond the image-upload context, nor do t...
Progress Kendo UI Editor 2018.1.221 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: Progress Kendo UI Editor vulnerable version: v2018.1.221 fixed version: none, see workaround CVE number: CVE-2018-14037 impact: mediu...
Unable to launch the published application.
Unable to launch the published application. The progress window shows the Welcome screen, applying group policies, Citrix Profile management etc and then disappears. No time out or failing errors on the VDA found...
Progress Telerik JustAssembly and JustDecompile Code Execution Vulnerabilities
Progress Telerik JustAssembly and JustDecompile are both products of Progress Software, Inc. Progress Telerik JustAssembly is a code diff checking and decompilation tool. JustDecompile is an open source decompilation engine. A security vulnerability exists in Progress...
CVE-2018-15122
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...
Design/Logic Flaw
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object such as DLL or EXE with an embedded resource file by clicking on the resource...