Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
progress sitefinity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6784
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
Progress Sitefinity
NA
CVE-2023-29376
An issue exists in Progress Sitefinity 13.3 prior to 13.3.7647, 14.0 prior to 14.0.7736, 14.1 prior to 14.1.7826, 14.2 prior to 14.2.7930, and 14.3 prior to 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.
Progress Sitefinity
NA
CVE-2023-29375
An issue exists in Progress Sitefinity 13.3 prior to 13.3.7647, 14.0 prior to 14.0.7736, 14.1 prior to 14.1.7826, 14.2 prior to 14.2.7930, and 14.3 prior to 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.
Progress Sitefinity
668
VMScore
CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
Progress Sitefinity
383
VMScore
CVE-2017-18639
Progress Sitefinity CMS prior to 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImag...
Progress Sitefinity Cms
570
VMScore
CVE-2019-7215
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials...
Progress Sitefinity
383
VMScore
CVE-2018-17053
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2...
Progress Sitefinity Cms
383
VMScore
CVE-2018-17054
Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2...
Progress Sitefinity Cms
445
VMScore
CVE-2018-17055
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 up to and including 11.0 related to image uploads.
Progress Sitefinity
383
VMScore
CVE-2018-17056
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Progress Sitefinity Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »