CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity
https://notcve.org/view.php?id=CVE-2024-4882
The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 https://www.progress.com/sitefinity-cms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-1636 – Potential Cross-Site Scripting (XSS) in the page editing area
https://notcve.org/view.php?id=CVE-2024-1636
Potential Cross-Site Scripting (XSS) in the page editing area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 https://www.progress.com/sitefinity-cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1632 – Incorrect access control in the Sitefinity backend
https://notcve.org/view.php?id=CVE-2024-1632
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024 https://www.progress.com/sitefinity-cms • CWE-284: Improper Access Control
CVE-2023-6784 – Potential Use of the Sitefinity System for Distribution of Phishing Emails
https://notcve.org/view.php?id=CVE-2023-6784
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 https://www.progress.com/sitefinity-cms • CWE-20: Improper Input Validation
CVE-2023-29375
https://notcve.org/view.php?id=CVE-2023-29375
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023 https://www.progress.com/sitefinity-cms • CWE-434: Unrestricted Upload of File with Dangerous Type