Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-14	CVE-2020-12677	Cross-site Scripting vulnerability in Progress Moveit Automation An issue was discovered in Progress MOVEit Automation Web Admin. network low complexity progress CWE-79	6.1
2019-11-06	CVE-2017-18639	Cross-site Scripting vulnerability in Progress Sitefinity CMS 10.0/4.2 Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Content/Images/LibraryImages/newsimages Parameter : Image Title, /Content/links Parameter : Link Title, /Content/links Parameter : Link Title, or /Content/Videos/LibraryVideos/default-video-library Parameter : Video Title. network low complexity progress CWE-79	6.1
2019-06-11	CVE-2019-12143	Path Traversal vulnerability in Progress WS FTP Server A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. network low complexity progress CWE-22	5.3
2019-06-06	CVE-2019-7215	Insufficient Session Expiration vulnerability in Progress Sitefinity Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. network low complexity progress CWE-613	6.5
2018-10-08	CVE-2018-17060	Unspecified vulnerability in Progress Telerik Extensions for Asp.Net MVC Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. network low complexity progress	5.3
2018-10-03	CVE-2018-17054	Cross-site Scripting vulnerability in Progress Sitefinity CMS Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053. network low complexity progress CWE-79	6.1
2018-10-03	CVE-2018-17053	Cross-site Scripting vulnerability in Progress Sitefinity CMS Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054. network low complexity progress CWE-79	6.1
2018-09-28	CVE-2018-17056	Cross-site Scripting vulnerability in Progress Sitefinity CMS 10.2/11.0 Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity progress CWE-79	6.1
2018-09-28	CVE-2018-14037	Cross-site Scripting vulnerability in Progress Kendo UI 2018.1.221 Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. network low complexity progress CWE-79	6.1
2018-02-12	CVE-2017-18178	Open Redirect vulnerability in Progress Sitefinity 9.1 Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. network low complexity progress CWE-601	6.1