CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29375
https://notcve.org/view.php?id=CVE-2023-29375
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023 https://www.progress.com/sitefinity-cms • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29376
https://notcve.org/view.php?id=CVE-2023-29376
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023 https://www.progress.com/sitefinity-cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27665
https://notcve.org/view.php?id=CVE-2022-27665
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. • https://github.com/dievus/CVE-2022-27665 https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 https://docs.ipswitch.com/WS_FTP_Server2020/ReleaseNotes/index.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24029
https://notcve.org/view.php?id=CVE-2023-24029
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. • https://community.progress.com/s/article/WS-FTP-Server-Critical-Security-Product-Alert-Bulletin-January-2023?popup=true https://www.progress.com/ws_ftp • CWE-863: Incorrect Authorization •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42711
https://notcve.org/view.php?id=CVE-2022-42711
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. En Progress WhatsUp Gold versiones anteriores a 22.1.0, un endpoint de la aplicación SNMP MIB Walker no saneaba apropiadamente la entrada maliciosa. Esto podría permitir a un atacante no autenticado ejecutar código arbitrario en el navegador de la víctima • https://community.progress.com/s/article/Product-Alert-Bulletin-October-2022 https://www.progress.com https://www.progress.com/network-monitoring • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •