Vulnerabilities > Progress > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-03 | CVE-2018-17054 | Cross-site Scripting vulnerability in Progress Sitefinity CMS Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053. | 6.1 |
| 2018-10-03 | CVE-2018-17053 | Cross-site Scripting vulnerability in Progress Sitefinity CMS Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054. | 6.1 |
| 2018-09-28 | CVE-2018-17056 | Cross-site Scripting vulnerability in Progress Sitefinity CMS 10.2/11.0 Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-09-28 | CVE-2018-14037 | Cross-site Scripting vulnerability in Progress Kendo UI 2018.1.221 Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. | 6.1 |
| 2018-02-12 | CVE-2017-18178 | Open Redirect vulnerability in Progress Sitefinity 9.1 Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. | 6.1 |
| 2018-02-12 | CVE-2017-18177 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. | 5.4 |
| 2018-02-12 | CVE-2017-18176 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. | 5.4 |
| 2018-02-12 | CVE-2017-18175 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. | 5.4 |
| 2017-05-22 | CVE-2017-9140 | Cross-site Scripting vulnerability in Progress Sitefinity CMS and Telerik Reporting Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | 6.1 |
| 2015-12-27 | CVE-2015-6005 | Cross-site Scripting vulnerability in Progress Whatsup Gold Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | 6.9 |