Progress: Security Vulnerabilities
Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-01-07
: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
6.8
EPSS Score
0.001
Published
2025-01-07
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-12-31
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
CVSS Score
9.4
EPSS Score
0.045
Published
2024-12-31
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVSS Score
9.6
EPSS Score
0.011
Published
2024-12-31
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
CVSS Score
9.8
EPSS Score
0.35
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\.
CVSS Score
9.8
EPSS Score
0.11
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.014
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.175
Published
2024-12-02
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account.
CVSS Score
8.8
EPSS Score
0.012
Published
2024-12-02