278 matches found
Default credentials
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...
CVE-2019-17392
CVE-2019-17392 affects Progress Sitefinity 12.1. The issue is a weak password recovery mechanism caused by mishandling the HTTP Host header, enabling password reset abuse as described in multiple connected sources (NVD, Red Hat, CNVD, CVE records). The primary impact cited is exposure of credenti...
CVE-2017-18639
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
CVE-2017-18639
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
Design/Logic Flaw
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
CVE-2017-18639
Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...
CVE-2017-18639
Progress Sitefinity CMS prior to version 10.1 is vulnerable to cross-site scripting (XSS) via multiple parameters: /Pages Page Title, /Content/News News Title, /Content/List List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Document Title, /Content/Images/LibraryImages/...
Progress Sitefinity Authorization Issues Vulnerability
Progress Sitefinity is an open source platform for building corporate websites and intranets. An authorization issue vulnerability exists in Progress Sitefinity version 10.1.6536. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a web syste...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
Design/Logic Flaw
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout; the browser cookie is overwritten but remains valid on the server, allowing reuse of an active session to access the account even after credentials/permissions change. This is confirmed across multiple sources (NVD, Red ...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...
Sitefinity Administration Panel Login Form Detected
Sitefinity Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No...
Sitefinity < 10.0.6412.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is prior to 10.0.6412.0. It is, therefore, affected by multiple vulnerabilities in Telerik DialogHandler and RadAsyncUpload : - A cryptographic weakness exists in Telerik.Web.UI that can be exploited to disclose encryption keys - An...
Sitefinity 7.0.x < 7.0.5140.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity 10.2.x < 10.2.6604.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity 11.x < 11.0.6702.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...
Sitefinity 9.2.x < 9.2.6270.0 Multiple Vulnerabilities
The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...