Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
progress sitefinity vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-6784
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
Progress Sitefinity
9.8
CVSSv3
CVE-2023-29375
An issue exists in Progress Sitefinity 13.3 prior to 13.3.7647, 14.0 prior to 14.0.7736, 14.1 prior to 14.1.7826, 14.2 prior to 14.2.7930, and 14.3 prior to 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.
Progress Sitefinity
5.4
CVSSv3
CVE-2023-29376
An issue exists in Progress Sitefinity 13.3 prior to 13.3.7647, 14.0 prior to 14.0.7736, 14.1 prior to 14.1.7826, 14.2 prior to 14.2.7930, and 14.3 prior to 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.
Progress Sitefinity
9.8
CVSSv3
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Progress Sitefinity
6.1
CVSSv3
CVE-2017-18639
Progress Sitefinity CMS prior to 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImag...
Progress Sitefinity Cms
6.5
CVSSv3
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials...
Progress Sitefinity
6.1
CVSSv3
CVE-2018-17053
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2...
Progress Sitefinity Cms
6.1
CVSSv3
CVE-2018-17054
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2...
Progress Sitefinity Cms
7.5
CVSSv3
CVE-2018-17055
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 up to and including 11.0 related to image uploads.
Progress Sitefinity
6.1
CVSSv3
CVE-2018-17056
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Progress Sitefinity Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »