Vulnerabilities > Progress > Sitefinity > 10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-16 | CVE-2023-27636 | Cross-site Scripting vulnerability in Progress Sitefinity Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | 5.4 |
| 2024-02-28 | CVE-2024-1632 | Unspecified vulnerability in Progress Sitefinity Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. | 6.5 |
| 2024-02-28 | CVE-2024-1636 | Cross-site Scripting vulnerability in Progress Sitefinity Potential Cross-Site Scripting (XSS) in the page editing area. | 5.4 |
| 2023-12-20 | CVE-2023-6784 | Unspecified vulnerability in Progress Sitefinity A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. | 4.3 |
| 2019-11-26 | CVE-2019-17392 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Progress Sitefinity Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. | 9.8 |
| 2019-06-06 | CVE-2019-7215 | Insufficient Session Expiration vulnerability in Progress Sitefinity Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. | 6.5 |
| 2018-09-28 | CVE-2018-17055 | Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 |
| 2018-01-08 | CVE-2017-15883 | Improper Authentication vulnerability in Progress Sitefinity Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | 9.8 |