Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
progress sitefinity vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-17056
Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 up to and including 11.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Progress Sitefinity Cms
312
VMScore
CVE-2017-18175
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
Progress Sitefinity 9.1
312
VMScore
CVE-2017-18176
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
Progress Sitefinity 9.1
312
VMScore
CVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
Progress Sitefinity 9.1
516
VMScore
CVE-2017-18178
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
Progress Sitefinity 9.1
578
VMScore
CVE-2017-18179
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
Progress Sitefinity 9.1
668
VMScore
CVE-2017-15883
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote malicious users to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
Progress Sitefinity 5.1
Progress Sitefinity 5.2
Progress Sitefinity 5.3
Progress Sitefinity 5.4
Progress Sitefinity 6.0
Progress Sitefinity 6.1
Progress Sitefinity 6.2
Progress Sitefinity 6.3
Progress Sitefinity 7.0
Progress Sitefinity 7.1
Progress Sitefinity 7.2
Progress Sitefinity 7.3
Progress Sitefinity 8.0
Progress Sitefinity 8.1
Progress Sitefinity 8.2
Progress Sitefinity 9.0
Progress Sitefinity 9.1
Progress Sitefinity 9.2
Progress Sitefinity 10.0
Progress Sitefinity 10.1
760
VMScore
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity prior to 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote malicious users to defeat cryptographic pro...
Telerik Sitefinity Cms
Telerik Ui For Asp.net Ajax
1 EDB exploit
17 Github repositories
1 Article
383
VMScore
CVE-2017-9140
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote malicious users to inject arbitrary web script or HTML via the bgColor parameter to Telerik...
Progress Telerik Reporting
Progress Sitefinity Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2