Vulnerabilities > Progress > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-08 | CVE-2018-17060 | Unspecified vulnerability in Progress Telerik Extensions FOR Asp.Net MVC Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. | 5.0 |
| 2018-10-03 | CVE-2018-17054 | Cross-site Scripting vulnerability in Progress Sitefinity CMS Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053. | 4.3 |
| 2018-10-03 | CVE-2018-17053 | Cross-site Scripting vulnerability in Progress Sitefinity CMS Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054. | 4.3 |
| 2018-09-28 | CVE-2018-17056 | Cross-site Scripting vulnerability in Progress Sitefinity CMS 10.2/11.0 Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 5.0 |
| 2018-09-28 | CVE-2018-14037 | Cross-site Scripting vulnerability in Progress Kendo UI 2018.1.221 Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. | 4.3 |
| 2018-02-12 | CVE-2017-18179 | Improper Authentication vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | 6.5 |
| 2018-02-12 | CVE-2017-18178 | Open Redirect vulnerability in Progress Sitefinity 9.1 Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. | 5.8 |
| 2017-07-17 | CVE-2017-1000026 | Path Traversal vulnerability in Progress Mixlib-Archive 0.1.0/0.2.0/0.3.0 Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 5.0 |
| 2017-05-22 | CVE-2017-9140 | Cross-site Scripting vulnerability in Progress Sitefinity CMS and Telerik Reporting Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | 6.1 |