Note: This project will be discontinued after December 13, 2021.
Product: Sitefinity (Progress)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 16 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-02-12 | CVE-2017-18179 | Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1. | Sitefinity | 8.8 | ||
2018-02-12 | CVE-2017-18178 | Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. | Sitefinity | 6.1 | ||
2018-02-12 | CVE-2017-18177 | Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1. | Sitefinity | 5.4 | ||
2018-02-12 | CVE-2017-18176 | Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | Sitefinity | 5.4 | ||
2018-02-12 | CVE-2017-18175 | Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. | Sitefinity | 5.4 | ||
2018-01-08 | CVE-2017-15883 | Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | Sitefinity | 9.8 |