Progress Sitefinity vulnerabilities
24 known vulnerabilities affecting progress/sitefinity.
Total CVEs: 24
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 6, MEDIUM 13
Vulnerabilities
Page 2 of 2
CVE-2017-18176 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v9.1 | 2018-02-12
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
nvd
CVE-2024-1636 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 13.3.7649; ≥ 14.0, < 14.4.8135; +1 more | 2024-02-28
Potential Cross-Site Scripting (XSS) in the page editing area.
nvd
CVE-2024-11626 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 4.0, < 14.4.8143; ≥ 15.0.8200, < 15.0.8230; +2 more | 2025-01-07
Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
nvd
CVE-2023-6784 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≥ 4.0, < 13.3.7648; ≥ 14.1, < 14.1.7828; +4 more | 2023-12-20
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
nvd