This page lists publicly disclosed CVE vulnerabilities affecting progress sitefinity (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-18176 | Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | [email protected] | 5.4 | 0.03% | 2018-02-12 | 2024-11-21 |
| CVE-2017-18175 | Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. | [email protected] | 5.4 | 0.03% | 2018-02-12 | 2024-11-21 |
| CVE-2017-15883 | Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | [email protected] | 9.8 | 0.15% | 2018-01-08 | 2024-11-21 |
| CVE-2017-9248 KEV | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | [email protected] | 9.8 | 89.44% | 2017-07-03 | 2026-04-21 |