Progress: >> Sitefinity >> 10.0.6429 Security Vulnerabilities
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-06-16
Potential Cross-Site Scripting (XSS) in the page editing area.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-02-28
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-02-28
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-12-20
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-26
An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-28