Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-21 | CVE-2023-26101 | Path Traversal vulnerability in Progress Flowmon Packet Investigator 12.0.1 In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | 7.5 |
| 2023-04-10 | CVE-2023-29375 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. | 9.8 |
| 2023-04-10 | CVE-2023-29376 | Cross-site Scripting vulnerability in Progress Sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. | 5.4 |
| 2023-04-03 | CVE-2022-27665 | Cross-site Scripting vulnerability in Progress WS FTP Server 8.6.0 Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. | 6.1 |
| 2023-02-03 | CVE-2023-24029 | Incorrect Authorization vulnerability in Progress WS FTP Server In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | 7.2 |
| 2022-10-12 | CVE-2022-42711 | Cross-site Scripting vulnerability in Progress Whatsup Gold In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. | 9.6 |
| 2022-08-02 | CVE-2022-36967 | Cross-site Scripting vulnerability in Progress Ipswitch WS FTP Server In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. | 6.1 |
| 2022-08-02 | CVE-2022-36968 | Cross-Site Request Forgery (CSRF) vulnerability in Progress Ipswitch WS FTP Server In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | 4.3 |
| 2022-05-11 | CVE-2022-29845 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0 In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | 6.5 |
| 2022-05-11 | CVE-2022-29846 | Unspecified vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | 5.3 |