CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11627
https://notcve.org/view.php?id=CVE-2024-11627
07 Jan 2025 — : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. La vulnerabilidad de expiración de sesión insuficiente en Progress Sitefinity permite: fijación de sesión. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, desde la versión 15.1.83... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-613: Insufficient Session Expiration •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11626
https://notcve.org/view.php?id=CVE-2024-11626
07 Jan 2025 — Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web del backend de CMS (sección administrativa) (XSS o 'Cross-site Scripting') en Progress Site... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11625
https://notcve.org/view.php?id=CVE-2024-11625
07 Jan 2025 — Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de exposición de información a través de un mensaje de error en Sitefinity de Progress Software Corporation. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, ... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity
https://notcve.org/view.php?id=CVE-2024-4882
08 Jul 2024 — The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. El usuario puede ser redirigido a un sitio arbitrario en Sitefinity 15.1.8321.0 y versiones anteriores. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27636 – Sitefinity 15.0 - Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27636
03 Jun 2024 — Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. Progress Sitefinity anterior a 15.0.0 permite XSS por parte de usuarios autenticados a través del formulario de contenido en el Editor SF. Sitefinity version 15.0 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/178900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1636 – Potential Cross-Site Scripting (XSS) in the page editing area
https://notcve.org/view.php?id=CVE-2024-1636
28 Feb 2024 — Potential Cross-Site Scripting (XSS) in the page editing area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 12%CPEs: 3EXPL: 0CVE-2024-1632 – Incorrect access control in the Sitefinity backend
https://notcve.org/view.php?id=CVE-2024-1632
28 Feb 2024 — Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6784 – Potential Use of the Sitefinity System for Distribution of Phishing Emails
https://notcve.org/view.php?id=CVE-2023-6784
20 Dec 2023 — A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. Un usuario malintencionado podría utilizar el sistema Sitefinity para la distribución de correos electrónicos de phishing. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 7%CPEs: 5EXPL: 0CVE-2023-29375
https://notcve.org/view.php?id=CVE-2023-29375
10 Apr 2023 — An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29376
https://notcve.org/view.php?id=CVE-2023-29376
10 Apr 2023 — An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •