24 matches found
CVE-2017-9248
CVE-2017-9248 affects Progress Telerik UI for ASP.NET AJAX (and Sitefinity) prior to R2 2017 SP1 / 10.0.6412.0. The vulnerability lies in Telerik.Web.UI.dll handling of the Telerik.Web.UI.DialogParametersEncryptionKey and the MachineKey, enabling an attacker to defeat cryptographic protection and...
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies on logout; the browser cookie is overwritten but remains valid on the server, allowing reuse of an active session to access the account even after credentials/permissions change. This is confirmed across multiple sources (NVD, Red ...
CVE-2024-1636
CVE-2024-1636 is a reported Cross-Site Scripting (XSS) issue described as affecting the page editing area in Sitefinity CMS (Progress). The Red Hat entry reiterates the same CVE and frames it in terms of low-privilege user access potentially impacting the Sitefinity backend. Public documents do n...
CVE-2024-1632
CVE-2024-1632 is a vulnerability in Progress Sitefinity CMS where low-privileged users with backend access can obtain sensitive information from the administrative area. The connected sources confirm the issue affects the Sitefinity backend and constitutes an information disclosure (confidentiali...
CVE-2026-7312
CVE-2026-7312 affects Progress Sitefinity versions 14.0.7700–14.4.8152, 15.0.8200–15.0.8234, 15.1.8300–15.1.8335, 15.2.8400–15.2.8441, 15.3.8500–15.3.8531, and 15.4.8600–15.4.8630. CWE‑522 describes Insufficiently Protected Credentials in web services. The vulnerability allows a remote unauthenti...
CVE-2019-17392
CVE-2019-17392 affects Progress Sitefinity 12.1. The issue is a weak password recovery mechanism caused by mishandling the HTTP Host header, enabling password reset abuse as described in multiple connected sources (NVD, Red Hat, CNVD, CVE records). The primary impact cited is exposure of credenti...
CVE-2023-27636
Progress Sitefinity before 15.0.0 allows Cross‑Site Scripting (XSS) by authenticated users via the SF Editor’s content form. Affected component: SF Editor in Sitefinity; vulnerability arises in input handling within the editor, enabling script execution when payloads are submitted and viewed. Imp...
CVE-2017-15883
CVE-2017-15883 affects Progress Sitefinity across versions 5.1–10.x. The vulnerability allows remote attackers to bypass authentication and potentially gain privileges, resulting in denial of service on load-balanced deployments, with vectors related to weak cryptography. The connected documents ...
CVE-2024-11626
Progress Sitefinity CVE-2024-11626 is an XSS-type vulnerability due to improper input neutralization in the CMS backend page generation. It affects Sitefinity releases 4.0–14.4.8142, 15.0.8200–15.0.8229, 15.1.8300–15.1.8327, and 15.2.8400–15.2.8421. The CVE details are corroborated by NVD, Red Ha...
CVE-2023-29376
Product affected: Progress Sitefinity (versions 13.3.x up to 13.3.7646; 14.0 up to 14.0.7735; 14.1 up to 14.1.7825; 14.2 up to 14.2.7929; 14.3 up to 14.3.8024). Vulnerability: Cross-site scripting (XSS) by privileged users targeting media libraries. CVE: CVE-2023-29376. Root cause / impact ...
CVE-2024-11625
Technical details about CVE-2024-11625 are not present in the provided documents; monitor for updates.
CVE-2017-18175
Progress Sitefinity 9.1 is affected by an XSS vulnerability in the Content Management Template Configuration (aka Templateconfiguration), demonstrated via the src attribute of an IMG element. The issue is fixed in version 10.1. Exploitation details are not provided in the supplied documents.
CVE-2018-17055
CVE-2018-17055 affects Progress Sitefinity CMS, versions 4.0 through 11.0. The issue is an arbitrary file upload vulnerability related to image uploads. The provided documents do not specify the exact attack vector, exploit details, or affected components beyond the image-upload context, nor do t...
CVE-2024-11627
Summary: CVE-2024-11627 is an insufficient session expiration vulnerability in Progress Sitefinity that enables session fixation. Affected software: Progress Sitefinity across multiple versions (4.0–14.4.8142; 15.0.8200–15.0.8229; 15.1.8300–15.1.8327; 15.2.8400–15.2.8421). Vulnerability type: ses...
CVE-2017-18177
Progress Sitefinity 9.1 is affected by a cross-site scripting (XSS) vulnerability exposed via the Last name, First name, and About fields on the New User Creation Page. The issue arises in the 9.1 release and is fixed in version 10.1. The available connected sources consistently describe this vul...
CVE-2017-18178
Progress Sitefinity 9.1 is affected by CVE-2017-18178, an open redirect in Authenticate/SWT where an authentication token may be sent to the redirection target when the target is specified using a particular %40 syntax. The issue is resolved in version 10.1. No exploitation details are provided i...
CVE-2017-18179
Progress Sitefinity 9.1 contains a vulnerability where wrap_access_token is a non‑expiring authentication token that remains valid after a password change or session termination and is transmitted as a GET parameter. This could enable token exposure and unauthorized access. The issue is fixed in ...
CVE-2023-6784
Progress Sitefinity has a reported input validation vulnerability, CVE-2023-6784, that could enable a malicious user to use the system to distribute phishing emails. The connected documents describe the issue as an input valida...
CVE-2023-29375
Progress Sitefinity (versions 13.3 up to 13.3.7647, 14.0 up to 14.0.7736, 14.1 up to 14.1.7826, 14.2 up to 14.2.7930, and 14.3 up to 14.3.8025) is affected by a vulnerability allowing potentially dangerous file uploads via the SharePoint connector. The underlying issue is a file-upload risk expos...
CVE-2017-18176
Progress Sitefinity 9.1 is affected by a cross‑site scripting (XSS) vulnerability triggered by file uploads, where JavaScript in an HTML file shares origin with the app’s code. Details from multiple sources confirm the issue and that it is fixed in Sitefinity 10.1. The root cause is an XSS condit...
CVE-2026-7198
Progress Sitefinity CMS is affected by CVE-2026-7198 due to CWE-284 Improper Access Control in web services. Versions affected: 15.4.8623 and earlier, with disclosure that 15.4.8630 addresses the issue (exact remediation not detailed in the provided documents). A remote unauthenticated attacker c...
CVE-2026-7201
Progress Sitefinity is affected by CVE-2026-7201: CWE-639, an authorization bypass through a user-controlled key in web services. A remote authenticated attacker can modify account properties of other users, potentially leading to account compromise, requiring access to values not norm...
CVE-2026-7195
CVE-2026-7195 affects Progress Sitefinity web services. The issue is CWE-20: Improper Input Validation in Sitefinity versions 14.1.x–14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630. A ...
CVE-2026-7313
CVE-2026-7313 affects Progress Sitefinity Web Services (versions 8.0.5700–13.3.7652). It describes CWE-522: Insufficiently Protected Credentials in web services, allowing a remote authenticated attacker to obtain plaintext credentials used to connect to the Sitefinity Insight service. Exploitatio...