Vulnerabilities > Progress > Sitefinity > 11.0.6736

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2023-27636 Cross-site Scripting vulnerability in Progress Sitefinity
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
network
low complexity
progress CWE-79
5.4
5.4
2024-02-28 CVE-2024-1632 Unspecified vulnerability in Progress Sitefinity
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
network
low complexity
progress
6.5
6.5
2024-02-28 CVE-2024-1636 Cross-site Scripting vulnerability in Progress Sitefinity
Potential Cross-Site Scripting (XSS) in the page editing area.
network
low complexity
progress CWE-79
5.4
5.4
2023-12-20 CVE-2023-6784 Unspecified vulnerability in Progress Sitefinity
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
network
low complexity
progress
4.3
4.3
2019-11-26 CVE-2019-17392 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Progress Sitefinity
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
network
low complexity
progress CWE-640
critical
 9.8
9.8