Vulnerabilities > Progress > Sitefinity > Low

DATE CVE VULNERABILITY TITLE RISK
2018-02-12 CVE-2017-18175 Cross-site Scripting vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element.
network
progress CWE-79
3.5
2018-02-12 CVE-2017-18176 Cross-site Scripting vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code.
network
progress CWE-79
3.5
2018-02-12 CVE-2017-18177 Cross-site Scripting vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page.
network
progress CWE-79
3.5