Vulnerability Details CVE-2017-18177
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html
- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html
- https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html
- https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html
Products affected by CVE-2017-18177
-
cpe:2.3:a:progress:sitefinity:9.1