CVE-2017-9140

The CVE-2017-9140 issue affects Telerik Reporting for ASP.NET WebForms (Telerik.ReportViewer.WebForms.dll) prior to R1 2017 SP2 (11.0.17.406). It is a reflected XSS vulnerability exploitable via the bgColor parameter to Telerik.ReportViewer.axd, allowing attacker-controlled script/HTML execution ...

CVE-2018-17056

CVE-2018-17056 is an XSS vulnerability in ServiceStack used by Progress Sitefinity CMS. Connected sources confirm affected product/version range: Sitefinity 10.2.x through 11.0.x, with the underlying issue in the ServiceStack component enabling remote script/HTML injection via unspecified vectors...

CVE-2018-17054

CVE-2018-17054 is an XSS vulnerability in Sitefinity’s Identity Server component affecting Sitefinity CMS versions 10.0–11.0. The issue enables remote attackers to inject arbitrary web script or HTML via login request parameters. Connected sources confirm the identity of the vulnerable component ...

CVE-2017-18639

Progress Sitefinity CMS prior to version 10.1 is vulnerable to cross-site scripting (XSS) via multiple parameters: /Pages Page Title, /Content/News News Title, /Content/List List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Document Title, /Content/Images/LibraryImages/...

CVE-2018-17053

CVE-2018-17053 involves a cross-site scripting (XSS) vulnerability in the Identity Server component of Progress Sitefinity CMS, affecting Version 10.0 through 11.0. The issue allows authenticated or remote attackers to inject arbitrary web script or HTML via login-request parameters, potentially ...