Vulnerabilities > Progress > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-09-27 | CVE-2023-40047 | Cross-site Scripting vulnerability in Progress WS FTP Server | In WS_FTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. | 4.8 |
2023-09-20 | CVE-2023-42656 | Cross-site Scripting vulnerability in Progress MOVEit Transfer | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser. | 6.1 |
2023-07-17 | CVE-2023-28864 | Insecure Storage of Sensitive Information vulnerability in Progress Chef Infra Server | Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. | 5.5 |
2023-06-23 | CVE-2023-35759 | Cross-site Scripting vulnerability in Progress WhatsUp Gold | In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. | 6.1 |
2023-06-09 | CVE-2023-34363 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Progress DataDirect ODBC Oracle Wire Protocol Driver | An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. | 5.9 |
2023-04-21 | CVE-2023-26100 | Cross-site Scripting vulnerability in Progress Flowmon OS | In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. | 6.1 |
2023-04-10 | CVE-2023-29376 | Cross-site Scripting vulnerability in Progress Sitefinity | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. | 5.4 |
2023-04-03 | CVE-2022-27665 | Cross-site Scripting vulnerability in Progress WS FTP Server 8.6.0 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. | 6.1 |
2022-08-02 | CVE-2022-36967 | Cross-site Scripting vulnerability in Progress Ipswitch WS FTP Server | In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. | 6.1 |
2022-08-02 | CVE-2022-36968 | Cross-Site Request Forgery (CSRF) vulnerability in Progress Ipswitch WS FTP Server | In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | 4.3 |