Progress: >> Sitefinity >> 10.1.6542 Security Vulnerabilities
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
7.7
EPSS Score
0.0
Published
2025-01-07
Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-01-07
: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-01-07
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-06-16
Potential Cross-Site Scripting (XSS) in the page editing area.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-02-28
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-02-28
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-12-20
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-28