Progress: >> Sitefinity >> 13.3.7638 Security Vulnerabilities
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-06-16
Potential Cross-Site Scripting (XSS) in the page editing area.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-02-28
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-02-28
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-12-20
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-04-10
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-10