Known Vulnerabilities for Sitefinity by Progress
Listed below are 9 of the newest known vulnerabilities associated with "Sitefinity" by "Progress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data), as well as a keyword search, so that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-17392 | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mish... | 9.8 - CRITICAL | 2019-11-26 | 2019-12-14 |
| CVE-2019-7215 | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in t... | 6.5 - MEDIUM | 2019-06-06 | 2023-11-07 |
| CVE-2018-17055 | An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 - HIGH | 2018-09-28 | 2018-12-12 |
| CVE-2017-18179 | Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password cha... | 8.8 - HIGH | 2018-02-12 | 2018-03-05 |
| CVE-2017-18178 | Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redire... | 6.1 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-18177 | Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed ... | 5.4 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-18176 | Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the applicati... | 5.4 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-18175 | Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrate... | 5.4 - MEDIUM | 2018-02-12 | 2018-03-05 |
| CVE-2017-15883 | Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently ... | 9.8 - CRITICAL | 2018-01-08 | 2018-02-01 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Progress | Sitefinity | 9.2.6276 | All | All | All |
| Application | Progress | Sitefinity | 9.2.6274 | All | All | All |
| Application | Progress | Sitefinity | 9.2 | All | All | All |
| Application | Progress | Sitefinity | 9.1.6185 | All | All | All |
| Application | Progress | Sitefinity | 9.1.6183 | All | All | All |
| Application | Progress | Sitefinity | 9.1.6180 | All | All | All |
| Application | Progress | Sitefinity | 9.1 | All | All | All |
| Application | Progress | Sitefinity | 9.0.6063 | All | All | All |
| Application | Progress | Sitefinity | 9.0 | All | All | All |
| Application | Progress | Sitefinity | 8.2.5973 | All | All | All |
| Application | Progress | Sitefinity | 8.2 | All | All | All |
| Application | Progress | Sitefinity | 8.1.5863 | All | All | All |
| Application | Progress | Sitefinity | 8.1 | All | All | All |
| Application | Progress | Sitefinity | 8.0.5773 | All | All | All |
| Application | Progress | Sitefinity | 8.0 | All | All | All |
| Application | Progress | Sitefinity | 7.3.5693 | All | All | All |
| Application | Progress | Sitefinity | 7.3 | All | All | All |
| Application | Progress | Sitefinity | 7.2.5353 | All | All | All |
| Application | Progress | Sitefinity | 7.2 | All | All | All |
| Application | Progress | Sitefinity | 7.1.5243 | All | All | All |