Sitefinity Security Vulnerabilities and Issues — Sitefinity CVE List

Lucene search

ProgressSitefinity

7 matches found

CVE•added 2018/01/08 7:29 p.m.•48 views

CVE-2017-15883

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

9.8CVSS9.4AI score0.00147EPSS

CVE•added 2018/09/28 12:29 a.m.•44 views

CVE-2018-17055

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.

7.5CVSS7.3AI score0.00325EPSS

CVE•added 2018/02/12 2:29 p.m.•42 views

CVE-2017-18175

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.

5.4CVSS5.3AI score0.00043EPSS

CVE•added 2018/02/12 2:29 p.m.•39 views

CVE-2017-18177

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.

5.4CVSS5.3AI score0.00043EPSS

CVE•added 2018/02/12 2:29 p.m.•39 views

CVE-2017-18178

Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.

6.1CVSS6.2AI score0.00143EPSS

CVE•added 2018/02/12 2:29 p.m.•39 views

CVE-2017-18179

Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.

8.8CVSS7AI score0.01034EPSS

CVE•added 2018/02/12 2:29 p.m.•34 views

CVE-2017-18176

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

5.4CVSS5.4AI score0.00043EPSS