CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11627
https://notcve.org/view.php?id=CVE-2024-11627
07 Jan 2025 — : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. La vulnerabilidad de expiración de sesión insuficiente en Progress Sitefinity permite: fijación de sesión. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, desde la versión 15.1.83... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-613: Insufficient Session Expiration •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11626
https://notcve.org/view.php?id=CVE-2024-11626
07 Jan 2025 — Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web del backend de CMS (sección administrativa) (XSS o 'Cross-site Scripting') en Progress Site... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11625
https://notcve.org/view.php?id=CVE-2024-11625
07 Jan 2025 — Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de exposición de información a través de un mensaje de error en Sitefinity de Progress Software Corporation. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, ... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity
https://notcve.org/view.php?id=CVE-2024-4882
08 Jul 2024 — The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. El usuario puede ser redirigido a un sitio arbitrario en Sitefinity 15.1.8321.0 y versiones anteriores. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6784 – Potential Use of the Sitefinity System for Distribution of Phishing Emails
https://notcve.org/view.php?id=CVE-2023-6784
20 Dec 2023 — A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. Un usuario malintencionado podría utilizar el sistema Sitefinity para la distribución de correos electrónicos de phishing. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2019-17392
https://notcve.org/view.php?id=CVE-2019-17392
26 Nov 2019 — Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled. Progress Sitefinity versión 12.1, tiene un mecanismo de recuperación de contraseña débil para una contraseña olvidada porque el encabezado de Host de HTTP es manejado inapropiadamente. • https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-November-2019 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2019-7215
https://notcve.org/view.php?id=CVE-2019-7215
06 Jun 2019 — Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions are changed. Progress Sitefinity 10.1.6536 no invalida las cookies de sesión al cerrar la sesión. En su lugar, intenta sobrescribir la cookie en el navegador, pero sigue siendo válida en el lado del servidor. • https://knowledgebase.progress.com/#sort=relevancy&f:%40objecttypelabel=%5BProduct%20Alert%5D • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17055
https://notcve.org/view.php?id=CVE-2018-17055
28 Sep 2018 — An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Una vulnerabilidad de subida de archivos arbitrarios en Progress Sitefinity CMS, desde la versión 4.0 hasta la 11.0, relacionada con la subida de imágenes. • https://insinuator.net/2018/10/vulnerabilities-in-sitefinity-wcms-a-success-story-of-a-responsible-disclosure-process • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-18175
https://notcve.org/view.php?id=CVE-2017-18175
12 Feb 2018 — Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. Progress Sitefinity 9.1 tiene XSS mediante Content Management Template Configuration (también llamado Templateconfiguration), tal y como demuestra el atributo src de un elemento IMG. Esto se ha solucionado en la versión 10.1. • https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-18176
https://notcve.org/view.php?id=CVE-2017-18176
12 Feb 2018 — Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. Progress Sitefinity 9.1 tiene XSS mediante la subida de archivos, debido a que el código JavaScript en un archivo HTML tiene el mismo origen que el propio código de la aplicación. Esto se ha solucionado en la versión 10.1. • https://packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •