Vulnerabilities > Progress > Sitefinity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-16 | CVE-2023-27636 | Cross-site Scripting vulnerability in Progress Sitefinity Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 |
| 2023-12-20 | CVE-2023-6784 | Unspecified vulnerability in Progress Sitefinity A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. | 4.3 |
| 2019-11-26 | CVE-2019-17392 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Progress Sitefinity Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | 7.5 |
| 2019-06-06 | CVE-2019-7215 | Insufficient Session Expiration vulnerability in Progress Sitefinity Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. | 6.5 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 5.0 |
| 2018-02-12 | CVE-2017-18179 | Improper Authentication vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | 6.5 |
| 2018-02-12 | CVE-2017-18178 | Open Redirect vulnerability in Progress Sitefinity 9.1 Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. | 5.8 |
| 2018-02-12 | CVE-2017-18177 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. | 3.5 |
| 2018-02-12 | CVE-2017-18176 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. | 3.5 |
| 2018-02-12 | CVE-2017-18175 | Cross-site Scripting vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. | 3.5 |