Vulnerabilities > Progress > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-21 | CVE-2023-26100 | Cross-site Scripting vulnerability in Progress Flowmon OS In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. | 6.1 |
| 2023-04-10 | CVE-2023-29376 | Cross-site Scripting vulnerability in Progress Sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. | 5.4 |
| 2023-04-03 | CVE-2022-27665 | Cross-site Scripting vulnerability in Progress WS FTP Server 8.6.0 Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. | 6.1 |
| 2022-08-02 | CVE-2022-36967 | Cross-site Scripting vulnerability in Progress Ipswitch WS FTP Server In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. | 6.1 |
| 2022-08-02 | CVE-2022-36968 | Cross-Site Request Forgery (CSRF) vulnerability in Progress Ipswitch WS FTP Server In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | 4.3 |
| 2022-05-11 | CVE-2022-29845 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0 In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. | 6.5 |
| 2022-05-11 | CVE-2022-29846 | Unspecified vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | 5.3 |
| 2022-05-11 | CVE-2022-29848 | Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. | 6.5 |
| 2021-09-28 | CVE-2021-41318 | Cross-site Scripting vulnerability in Progress Whatsupgold In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. | 6.1 |
| 2020-11-17 | CVE-2020-28647 | Cross-site Scripting vulnerability in Progress Moveit Transfer In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. | 5.4 |