Sitefinity Security Vulnerabilities and Issues — Sitefinity CVE List

Lucene search

ProgressSitefinity

4 matches found

CVE•added 2023/04/10 3:15 p.m.•43 views

CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.

5.4CVSS5.1AI score0.00056EPSS

CVE•added 2018/02/12 2:29 p.m.•42 views

CVE-2017-18175

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.

5.4CVSS5.3AI score0.00043EPSS

CVE•added 2018/02/12 2:29 p.m.•39 views

CVE-2017-18177

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.

5.4CVSS5.3AI score0.00043EPSS

CVE•added 2018/02/12 2:29 p.m.•34 views

CVE-2017-18176

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

5.4CVSS5.4AI score0.00043EPSS