Page 27 of 169 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-17056

https://notcve.org/view.php?id=CVE-2018-17056

Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en ServiceStack en Progress Sitefinity CMS, de la versión 10.2 a la 11.0, permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-17055

https://notcve.org/view.php?id=CVE-2018-17055

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Una vulnerabilidad de subida de archivos arbitrarios en Progress Sitefinity CMS, desde la versión 4.0 hasta la 11.0, relacionada con la subida de imágenes. • https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-14037 – Progress Kendo UI Editor 2018.1.221 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2018-14037

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. Vulnerabilidad Cross-Site Scripting (XSS) en Progress Kendo UI Editor v2018.1.221 permite que atacantes remotos inyecten JavaScript arbitrario en el DOM del editor WYSIWYG debido a la función editorNS.Serializer toEditableHtml en kendo.all.min.js. • http://seclists.org/fulldisclosure/2018/Sep/49 http://seclists.org/fulldisclosure/2018/Sep/50 https://www.sec-consult.com/en/blog/advisories/stored-cross-site-scripting-in-kendo-ui-editor-cve-2018-14037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2017-18179

https://notcve.org/view.php?id=CVE-2017-18179

Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1. Progress Sitefinity 9.1 emplea wrap_access_token como token de autenticación sin caducidad que sigue siendo válido tras un cambio de contraseña o una finalización de sesión. Además, se transmite como parámetro GET. • https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html • CWE-287: Improper Authentication •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

CVE-2017-18177

https://notcve.org/view.php?id=CVE-2017-18177

Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1. Progress Sitefinity 9.1 tiene XSS mediante los campos Last name, First name y About en la página de creación de nuevo usuario. Esto se ha solucionado en la versión 10.1. • https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •