Sitefinity@* Security Vulnerabilities and Issues — Sitefinity@* CVE List

Lucene search

ProgressSitefinity*

13 matches found

CVE•added 2017/07/03 7:29 p.m.•1261 views

CVE-2017-9248

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading...

9.8CVSS9.2AI score0.87802EPSS

CVE•added 2019/06/06 5:29 p.m.•133 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions ar...

6.5CVSS6.4AI score0.00007EPSS

CVE•added 2024/02/28 12:15 p.m.•103 views

CVE-2024-1636

Potential Cross-Site Scripting (XSS) in the page editing area.

8CVSS6.9AI score0.00051EPSS

CVE•added 2024/02/28 12:15 p.m.•83 views

CVE-2024-1632

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.

8.8CVSS8.3AI score0.01698EPSS

CVE•added 2019/11/26 6:15 p.m.•61 views

CVE-2019-17392

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

9.8CVSS9.3AI score0.00485EPSS

CVE•added 2024/06/16 9:15 p.m.•47 views

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.

6.5CVSS6AI score0.00192EPSS

CVE•added 2018/09/28 12:29 a.m.•44 views

CVE-2018-17055

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

7.5CVSS7.3AI score0.00261EPSS

CVE•added 2025/01/07 8:15 a.m.•44 views

CVE-2024-11626

Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15...

8.4CVSS8.5AI score0.00023EPSS

CVE•added 2023/04/10 3:15 p.m.•43 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.

5.4CVSS5.1AI score0.00041EPSS

CVE•added 2025/01/07 8:15 a.m.•41 views

CVE-2024-11627

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

8.1CVSS6.6AI score0.00036EPSS

CVE•added 2025/01/07 8:15 a.m.•38 views

CVE-2024-11625

Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

7.7CVSS7.6AI score0.00023EPSS

CVE•added 2023/04/10 3:15 p.m.•37 views

CVE-2023-29375

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.

9.8CVSS9.4AI score0.01201EPSS

CVE•added 2023/12/20 2:15 p.m.•34 views

CVE-2023-6784

A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.

4.7CVSS4.7AI score0.00018EPSS