progress sitefinity

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-11627
>= 4.0 and < 14.4.8143
Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: fr
6.8 MEDIUM
CVE-2024-11626
>= 4.0 and < 14.4.8143
Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vu
8.4 HIGH
CVE-2024-11625
>= 4.0 and < 14.4.8143
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefin
7.7 HIGH
CVE-2023-27636
< 15.0.0
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
5.4 MEDIUM
CVE-2024-1636
< 13.3.7649
Potential Cross-Site Scripting (XSS) in the page editing area.
8.0 HIGH
CVE-2024-1632
< 13.3.7649
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
8.8 HIGH
CVE-2023-6784
>= 4.0 and < 13.3.7648
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
4.7 MEDIUM
CVE-2023-29376
>= 13.3 and < 13.3.7646
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14
5.4 MEDIUM
CVE-2023-29375
>= 13.3 and < 13.3.7646
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14
9.8 CRITICAL
CVE-2019-17392
>= 9.1 and < 9.1.6185
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandle
9.8 CRITICAL
CVE-2019-7215
>= 7.0 and < 7.0.5143
Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the br
6.5 MEDIUM
CVE-2018-17055
>= 4.0 and <= 11.0
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
7.5 HIGH
CVE-2017-18179
all versions
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change o
8.8 HIGH
CVE-2017-18178
all versions
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection
6.1 MEDIUM
CVE-2017-18177
all versions
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10
5.4 MEDIUM
CVE-2017-18176
all versions
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's
5.4 MEDIUM
CVE-2017-18175
all versions
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by
5.4 MEDIUM
CVE-2017-15883
all versions
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause
9.8 CRITICAL
CVE-2017-9248
< 10.0.6412.0
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin