Progress Software Corporation Sitefinity vulnerabilities
7 known vulnerabilities affecting progress_software_corporation/sitefinity.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6
Vulnerabilities
CVE-2025-1968 | P3 | HIGH | CVSS 7.7 | CWE-613 | ≥ 14.0, ≤ 14.3; ≥ 14.4, < 14.4.8145; +3 more | 2025-04-09
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
nvd
CVE-2024-1632 | P3 | MEDIUM | CVSS 6.5 | CWE-284 | ≥ 13.3.7600, < 13.3.7649; ≥ 14.4.8100, < 14.4.8135; +1 more | 2024-02-28
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
nvd
CVE-2024-4882 | P4 | MEDIUM | CVSS 5.3 | CWE-601 | fixed in 15.1.8322.0 | 2024-07-08
The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions.
nvd
CVE-2024-11625 | P4 | MEDIUM | CVSS 5.3 | CWE-209 | ≥ 4.0, ≤ 14.4.8142; ≥ 15.0.8200, ≤ 15.0.8229; +2 more | 2025-01-07
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
nvd
CVE-2024-1636 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ 13.3.7600, < 13.3.7649; ≥ 14.4.8100, < 14.4.8135; +1 more | 2024-02-28
Potential Cross-Site Scripting (XSS) in the page editing area.
nvd
CVE-2024-11626 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≥ 4.0, ≤ 14.4.8142; ≥ 15.0.8200, ≤ 15.0.8229; +2 more | 2025-01-07
Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
nvd
CVE-2023-6784 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≥ 15.0, < 15.0.8223; ≥ 14.4, < 14.4.8133; +4 more | 2023-12-20
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
nvd