Vulnerabilities > Progress > Sitefinity > 14.3

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2023-27636 Cross-site Scripting vulnerability in Progress Sitefinity
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
network
low complexity
progress CWE-79
5.4
2024-02-28 CVE-2024-1632 Unspecified vulnerability in Progress Sitefinity
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
network
low complexity
progress
6.5
2024-02-28 CVE-2024-1636 Cross-site Scripting vulnerability in Progress Sitefinity
Potential Cross-Site Scripting (XSS) in the page editing area.
network
low complexity
progress CWE-79
5.4
2023-12-20 CVE-2023-6784 Unspecified vulnerability in Progress Sitefinity
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
network
low complexity
progress
4.3
2023-04-10 CVE-2023-29375 Unrestricted Upload of File with Dangerous Type vulnerability in Progress Sitefinity
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025.
network
low complexity
progress CWE-434
critical
9.8
2023-04-10 CVE-2023-29376 Cross-site Scripting vulnerability in Progress Sitefinity
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025.
network
low complexity
progress CWE-79
5.4