Lucene search
+L

278 matches found

Prion
Prion
added 2019/11/26 6:15 p.m.19 views

Default credentials

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

7.5CVSS9.4AI score0.01089EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/26 5:30 p.m.22 views

CVE-2019-17392

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

9.5AI score0.01089EPSS
Exploits0References1
CVE
CVE
added 2019/11/26 5:30 p.m.77 views

CVE-2019-17392

CVE-2019-17392 affects Progress Sitefinity 12.1. The issue is a weak password recovery mechanism caused by mishandling the HTTP Host header, enabling password reset abuse as described in multiple connected sources (NVD, Red Hat, CNVD, CVE records). The primary impact cited is exposure of credenti...

9.8CVSS9.3AI score0.01089EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/11/06 4:15 p.m.24 views

CVE-2017-18639

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

6.1CVSS6AI score0.00894EPSS
Exploits1References1
OSV
OSV
added 2019/11/06 4:15 p.m.6 views

CVE-2017-18639

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

6.1CVSS5.8AI score0.00894EPSS
Exploits1References1
Prion
Prion
added 2019/11/06 4:15 p.m.17 views

Design/Logic Flaw

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

4.3CVSS6AI score0.00894EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/11/06 3:7 p.m.34 views

CVE-2017-18639

Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages...

6AI score0.00894EPSS
Exploits1References1
CVE
CVE
added 2019/11/06 3:7 p.m.44 views

CVE-2017-18639

Progress Sitefinity CMS prior to version 10.1 is vulnerable to cross-site scripting (XSS) via multiple parameters: /Pages Page Title, /Content/News News Title, /Content/List List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Document Title, /Content/Images/LibraryImages/...

6.1CVSS5.9AI score0.00894EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/06/11 12:0 a.m.5 views

Progress Sitefinity Authorization Issues Vulnerability

Progress Sitefinity is an open source platform for building corporate websites and intranets. An authorization issue vulnerability exists in Progress Sitefinity version 10.1.6536. The vulnerability stems from a lack of authentication measures or insufficient authentication strength in a web syste...

6.5CVSS7AI score0.01041EPSS
Exploits0References1
OSV
OSV
added 2019/06/06 5:29 p.m.4 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5CVSS6.6AI score0.01041EPSS
Exploits0References2
NVD
NVD
added 2019/06/06 5:29 p.m.15 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5CVSS6.5AI score0.01041EPSS
Exploits0References2
Prion
Prion
added 2019/06/06 5:29 p.m.10 views

Design/Logic Flaw

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.4CVSS6.5AI score0.01041EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/06/06 4:4 p.m.144 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout; the browser cookie is overwritten but remains valid on the server, allowing reuse of an active session to access the account even after credentials/permissions change. This is confirmed across multiple sources (NVD, Red ...

6.5CVSS6.4AI score0.01041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/06 4:4 p.m.18 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5AI score0.01041EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/08 12:0 a.m.17 views

Sitefinity Administration Panel Login Form Detected

Sitefinity Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.57 views

Sitefinity < 10.0.6412.0 Multiple Vulnerabilities

The version of Sitefinity installed on the remote host is prior to 10.0.6412.0. It is, therefore, affected by multiple vulnerabilities in Telerik DialogHandler and RadAsyncUpload : - A cryptographic weakness exists in Telerik.Web.UI that can be exploited to disclose encryption keys - An...

9.8CVSS7.5AI score0.83476EPSS
Exploits13References5
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.34 views

Sitefinity 7.0.x < 7.0.5140.0 Multiple Vulnerabilities

The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...

7.5CVSS7.4AI score0.09642EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.18 views

Sitefinity 10.2.x < 10.2.6604.0 Multiple Vulnerabilities

The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...

7.5CVSS7.4AI score0.09642EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.22 views

Sitefinity 11.x < 11.0.6702.0 Multiple Vulnerabilities

The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...

7.5CVSS7.4AI score0.09642EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.18 views

Sitefinity 9.2.x < 9.2.6270.0 Multiple Vulnerabilities

The version of Sitefinity installed on the remote host is affected by multiple vulnerabilities : - An XSS vulnerability in Telerik.ReportViewer affects versions 4.2 through 11.0 CVE-2017-9140 - An XSS vulnerability in?Identity Server affects versions 10.0 through 11.0 CVE-2018-17053, CVE-2018-170...

7.5CVSS7.4AI score0.09642EPSS
Exploits4References8
Rows per page
Query Builder