CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity
https://notcve.org/view.php?id=CVE-2024-4882
The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. El usuario puede ser redirigido a un sitio arbitrario en Sitefinity 15.1.8321.0 y versiones anteriores. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 https://www.progress.com/sitefinity-cms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6784 – Potential Use of the Sitefinity System for Distribution of Phishing Emails
https://notcve.org/view.php?id=CVE-2023-6784
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. Un usuario malintencionado podría utilizar el sistema Sitefinity para la distribución de correos electrónicos de phishing. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 https://www.progress.com/sitefinity-cms • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-17392
https://notcve.org/view.php?id=CVE-2019-17392
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. Progress Sitefinity versión 12.1, tiene un mecanismo de recuperación de contraseña débil para una contraseña olvidada porque el encabezado de Host de HTTP es manejado inapropiadamente. • https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •