Known Vulnerabilities for Sitefinity by Progress
Listed below are 10 of the newest known vulnerabilities associated with "Sitefinity" by "Progress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-29376 json | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 befo... | 5.4 - MEDIUM | 2023-04-10 | 2023-04-14 |
| CVE-2023-29375 json | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 befo... | 9.8 - CRITICAL | 2023-04-10 | 2023-04-14 |
| CVE-2019-17392 json | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mish... | 9.8 - CRITICAL | 2019-11-26 | 2019-12-14 |
| CVE-2019-7215 json | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in t... | 6.5 - MEDIUM | 2019-06-06 | 2023-11-07 |
| CVE-2018-17055 json | An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 - HIGH | 2018-09-28 | 2018-12-12 |
| CVE-2017-18179 json | Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password cha... | 8.8 - HIGH | 2018-02-12 | 2018-03-05 |
| CVE-2017-18178 json | Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redire... | 6.1 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-18177 json | Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed ... | 5.4 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-18176 json | Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the applicati... | 5.4 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-18175 json | Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrate... | 5.4 - MEDIUM | 2018-02-12 | 2018-03-05 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Progress | Sitefinity | 9.2.6276 | |||
| Application | Progress | Sitefinity | 9.2.6274 | |||
| Application | Progress | Sitefinity | 9.2 | |||
| Application | Progress | Sitefinity | 9.1.6185 | |||
| Application | Progress | Sitefinity | 9.1.6183 | |||
| Application | Progress | Sitefinity | 9.1.6180 | |||
| Application | Progress | Sitefinity | 9.1 | |||
| Application | Progress | Sitefinity | 9.0.6063 | |||
| Application | Progress | Sitefinity | 9.0 | |||
| Application | Progress | Sitefinity | 8.2.5973 | |||
| Application | Progress | Sitefinity | 8.2 | |||
| Application | Progress | Sitefinity | 8.1.5863 | |||
| Application | Progress | Sitefinity | 8.1 | |||
| Application | Progress | Sitefinity | 8.0.5773 | |||
| Application | Progress | Sitefinity | 8.0 | |||
| Application | Progress | Sitefinity | 7.3.5693 | |||
| Application | Progress | Sitefinity | 7.3 | |||
| Application | Progress | Sitefinity | 7.2.5353 | |||
| Application | Progress | Sitefinity | 7.2 | |||
| Application | Progress | Sitefinity | 7.1.5243 |