Sitefinity Security Vulnerabilities and Issues — Sitefinity CVE List

Lucene search

ProgressSitefinity

5 matches found

CVE•added 2024/02/28 12:15 p.m.•104 views

CVE-2024-1636

Potential Cross-Site Scripting (XSS) in the page editing area.

8CVSS6.9AI score0.00051EPSS

CVE•added 2024/02/28 12:15 p.m.•84 views

CVE-2024-1632

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.

8.8CVSS8.3AI score0.01698EPSS

CVE•added 2025/01/07 8:15 a.m.•45 views

CVE-2024-11626

Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15...

8.4CVSS8.5AI score0.00023EPSS

CVE•added 2025/01/07 8:15 a.m.•42 views

CVE-2024-11627

: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

8.1CVSS6.6AI score0.00036EPSS

CVE•added 2018/02/12 2:29 p.m.•40 views

CVE-2017-18179

Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.

8.8CVSS7AI score0.00982EPSS