Vulnerability CVE-2017-9140

Vulnerability CVE-2017-9140

Published: 2017-05-22

Description:

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Affected software
Telerik -> Asp.net webforms report viewer
Progress -> Sitefinity cms

http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406

)

https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018

https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module