Vulnerabilities > Progress > Sitefinity

DATE CVE VULNERABILITY TITLE RISK
2018-02-12 CVE-2017-18178 Open Redirect vulnerability in Progress Sitefinity 9.1
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax.
network
low complexity
progress CWE-601
6.1
2018-02-12 CVE-2017-18177 Cross-site Scripting vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page.
network
low complexity
progress CWE-79
5.4
2018-02-12 CVE-2017-18176 Cross-site Scripting vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code.
network
low complexity
progress CWE-79
5.4
2018-02-12 CVE-2017-18175 Cross-site Scripting vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element.
network
low complexity
progress CWE-79
5.4
2018-01-08 CVE-2017-15883 Improper Authentication vulnerability in Progress Sitefinity
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.
network
low complexity
progress CWE-287
critical
9.8
2017-07-03 CVE-2017-9248 Insufficiently Protected Credentials vulnerability in multiple products
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
network
low complexity
telerik progress CWE-522
critical
9.8