Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
progress sitefinity vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
Progress Sitefinity 9.1
5.4
CVSSv3
CVE-2017-18176
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
Progress Sitefinity 9.1
5.4
CVSSv3
CVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
Progress Sitefinity 9.1
6.1
CVSSv3
CVE-2017-18178
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
Progress Sitefinity 9.1
8.8
CVSSv3
CVE-2017-18179
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Progress Sitefinity 9.1
9.8
CVSSv3
CVE-2017-15883
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote malicious users to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
Progress Sitefinity 5.2
Progress Sitefinity 5.3
Progress Sitefinity 5.4
Progress Sitefinity 6.0
Progress Sitefinity 10.0
Progress Sitefinity 10.1
Progress Sitefinity 5.1
Progress Sitefinity 6.1
Progress Sitefinity 6.3
Progress Sitefinity 7.1
Progress Sitefinity 8.2
Progress Sitefinity 9.1
Progress Sitefinity 7.2
Progress Sitefinity 7.3
Progress Sitefinity 8.0
Progress Sitefinity 8.1
Progress Sitefinity 6.2
Progress Sitefinity 7.0
Progress Sitefinity 9.0
Progress Sitefinity 9.2
9.8
CVSSv3
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity prior to 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote malicious users to defeat cryptographic pro...
Telerik Ui For Asp.net Ajax
Telerik Sitefinity Cms
1 EDB exploit
17 Github repositories
1 Article
6.1
CVSSv3
CVE-2017-9140
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote malicious users to inject arbitrary web script or HTML via the bgColor parameter to Telerik...
Progress Telerik Reporting
Progress Sitefinity Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2