4 matches found
CVE-2017-9248
CVE-2017-9248 affects Progress Telerik UI for ASP.NET AJAX (and Sitefinity) prior to R2 2017 SP1 / 10.0.6412.0. The vulnerability lies in Telerik.Web.UI.dll handling of the Telerik.Web.UI.DialogParametersEncryptionKey and the MachineKey, enabling an attacker to defeat cryptographic protection and...
CVE-2024-1636
CVE-2024-1636 is a reported Cross-Site Scripting (XSS) issue described as affecting the page editing area in Sitefinity CMS (Progress). The Red Hat entry reiterates the same CVE and frames it in terms of low-privilege user access potentially impacting the Sitefinity backend. Public documents do n...
CVE-2024-1632
CVE-2024-1632 is a vulnerability in Progress Sitefinity CMS where low-privileged users with backend access can obtain sensitive information from the administrative area. The connected sources confirm the issue affects the Sitefinity backend and constitutes an information disclosure (confidentiali...
CVE-2023-27636
Progress Sitefinity before 15.0.0 allows Cross-Site Scripting (XSS) by authenticated users via the SF Editor’s content form. Affected component: SF Editor in Sitefinity; vulnerability arises in input handling within the editor, enabling script execution when payloads are submitted and viewed. Imp...