NotCVE - vendor:"Progress" product:"Sitefinity" version:" >= 4.0

16 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity

https://notcve.org/view.php?id=CVE-2024-4882

The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. El usuario puede ser redirigido a un sitio arbitrario en Sitefinity 15.1.8321.0 y versiones anteriores. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 https://www.progress.com/sitefinity-cms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-1636 – Potential Cross-Site Scripting (XSS) in the page editing area

https://notcve.org/view.php?id=CVE-2024-1636

Potential Cross-Site Scripting (XSS) in the page editing area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 https://www.progress.com/sitefinity-cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-1632 – Incorrect access control in the Sitefinity backend

https://notcve.org/view.php?id=CVE-2024-1632

Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 https://www.progress.com/sitefinity-cms • CWE-284: Improper Access Control •

CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-6784 – Potential Use of the Sitefinity System for Distribution of Phishing Emails

https://notcve.org/view.php?id=CVE-2023-6784

A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. Un usuario malintencionado podría utilizar el sistema Sitefinity para la distribución de correos electrónicos de phishing. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 https://www.progress.com/sitefinity-cms • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-29376

https://notcve.org/view.php?id=CVE-2023-29376

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023 https://www.progress.com/sitefinity-cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4