NotCVE - vendor:"Progress" product:"Sitefinity" version:" >= 11.2 <= 11.2.6934"

7 results (0.006 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-11627

https://notcve.org/view.php?id=CVE-2024-11627

07 Jan 2025 — : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. La vulnerabilidad de expiración de sesión insuficiente en Progress Sitefinity permite: fijación de sesión. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, desde la versión 15.1.83... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-613: Insufficient Session Expiration •

CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-11626

https://notcve.org/view.php?id=CVE-2024-11626

07 Jan 2025 — Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web del backend de CMS (sección administrativa) (XSS o 'Cross-site Scripting') en Progress Site... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-11625

https://notcve.org/view.php?id=CVE-2024-11625

07 Jan 2025 — Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de exposición de información a través de un mensaje de error en Sitefinity de Progress Software Corporation. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, ... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity

https://notcve.org/view.php?id=CVE-2024-4882

08 Jul 2024 — The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. El usuario puede ser redirigido a un sitio arbitrario en Sitefinity 15.1.8321.0 y versiones anteriores. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-6784 – Potential Use of the Sitefinity System for Distribution of Phishing Emails

https://notcve.org/view.php?id=CVE-2023-6784

20 Dec 2023 — A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. Un usuario malintencionado podría utilizar el sistema Sitefinity para la distribución de correos electrónicos de phishing. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2019-17392

https://notcve.org/view.php?id=CVE-2019-17392

26 Nov 2019 — Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. Progress Sitefinity versión 12.1, tiene un mecanismo de recuperación de contraseña débil para una contraseña olvidada porque el encabezado de Host de HTTP es manejado inapropiadamente. • https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

CVE-2019-7215

https://notcve.org/view.php?id=CVE-2019-7215

06 Jun 2019 — Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed. Progress Sitefinity 10.1.6536 no invalida las cookies de sesión al cerrar la sesión. En su lugar, intenta sobrescribir la cookie en el navegador, pero sigue siendo válida en el lado del servidor. • https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D • CWE-613: Insufficient Session Expiration •