RSS   Vulnerabilities for 'Sitefinity'   RSS

2019-11-26
 
CVE-2019-17392

CWE-640
 
 
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.

 
2018-02-12
 
CVE-2017-18179

CWE-287
 
 
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.

 
 
CVE-2017-18178

CWE-601
 
 
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.

 
 
CVE-2017-18177

CWE-79
 
 
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.

 
 
CVE-2017-18176

CWE-79
 
 
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

 
 
CVE-2017-18175

CWE-79
 
 
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.

 
2018-01-08
 
CVE-2017-15883

CWE-287
 
 
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

 

 >>> Vendor: Progress 14 Products
Webspeed
Progress
Database
4gl compiler
Webspeed messenger
Openedge
Sitefinity cms
Sitefinity
Kendo ui editor
Fiddler
Kendo ui
Ipswitch ws ftp server
Moveit transfer
Moveit automation

Copyright 2024, cxsecurity.com

 

Back to Top