Vulnerabilities > Progress
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-28 | CVE-2018-17056 | Cross-site Scripting vulnerability in Progress Sitefinity CMS 10.2/11.0 Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 5.0 |
| 2018-09-28 | CVE-2018-14037 | Cross-site Scripting vulnerability in Progress Kendo UI 2018.1.221 Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. | 4.3 |
| 2018-02-12 | CVE-2017-18179 | Improper Authentication vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | 6.5 |
| 2018-02-12 | CVE-2017-18178 | Open Redirect vulnerability in Progress Sitefinity 9.1 Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. | 5.8 |
| 2018-02-12 | CVE-2017-18177 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. | 3.5 |
| 2018-02-12 | CVE-2017-18176 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. | 3.5 |
| 2018-02-12 | CVE-2017-18175 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. | 3.5 |
| 2018-01-08 | CVE-2017-15883 | Improper Authentication vulnerability in Progress Sitefinity Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | 7.5 |
| 2017-10-31 | CVE-2015-9245 | Improper Access Control vulnerability in Progress Openedge Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | 7.5 |