Known Vulnerabilities for Sitefinity by Progress
Listed below are 10 of the newest known vulnerabilities associated with "Sitefinity" by "Progress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-7313 json | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 all... | Not Provided | 2026-06-02 | 2026-06-03 |
| CVE-2026-7312 json | CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, a... | Not Provided | 2026-06-02 | 2026-06-03 |
| CVE-2026-7201 json | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.... | Not Provided | 2026-06-02 | 2026-06-02 |
| CVE-2026-7198 json | CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenti... | Not Provided | 2026-06-02 | 2026-06-03 |
| CVE-2026-7195 json | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0... | Not Provided | 2026-06-02 | 2026-06-04 |
| CVE-2023-29376 json | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 befo... | 5.4 - MEDIUM | 2023-04-10 | 2023-04-14 |
| CVE-2023-29375 json | An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 befo... | 9.8 - CRITICAL | 2023-04-10 | 2023-04-14 |
| CVE-2019-17392 json | Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mish... | 9.8 - CRITICAL | 2019-11-26 | 2019-12-14 |
| CVE-2019-7215 json | Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in t... | 6.5 - MEDIUM | 2019-06-06 | 2023-11-07 |
| CVE-2018-17055 json | An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | 7.5 - HIGH | 2018-09-28 | 2018-12-12 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Progress | Sitefinity | 9.2.6276 | |||
| Application | Progress | Sitefinity | 9.2.6274 | |||
| Application | Progress | Sitefinity | 9.2 | |||
| Application | Progress | Sitefinity | 9.1.6185 | |||
| Application | Progress | Sitefinity | 9.1.6183 | |||
| Application | Progress | Sitefinity | 9.1.6180 | |||
| Application | Progress | Sitefinity | 9.1 | |||
| Application | Progress | Sitefinity | 9.0.6063 | |||
| Application | Progress | Sitefinity | 9.0 | |||
| Application | Progress | Sitefinity | 8.2.5973 | |||
| Application | Progress | Sitefinity | 8.2 | |||
| Application | Progress | Sitefinity | 8.1.5863 | |||
| Application | Progress | Sitefinity | 8.1 | |||
| Application | Progress | Sitefinity | 8.0.5773 | |||
| Application | Progress | Sitefinity | 8.0 | |||
| Application | Progress | Sitefinity | 7.3.5693 | |||
| Application | Progress | Sitefinity | 7.3 | |||
| Application | Progress | Sitefinity | 7.2.5353 | |||
| Application | Progress | Sitefinity | 7.2 | |||
| Application | Progress | Sitefinity | 7.1.5243 |