Cross-Site Scripting Vulnerability in Progress Sitefinity Content Management
CVE-2017-18175

5.4MEDIUM

Key Information:

Vendor: Progress
Status: Sitefinity
Vendor: CVE Published:; 3 October 2022

Summary

Progress Sitefinity version 9.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability through the Content Management Template Configuration. This issue arises specifically from the improper handling of the src attribute within IMG elements. Attackers can exploit this vulnerability to inject malicious scripts, leading to unauthorized actions or access to sensitive user information. This vulnerability was addressed in version 10.1.

References

https://www.sec-consult.com/en/blog/advisories/multiple-v...

x_refsource_MISC

https://packetstormsecurity.com/files/143894/Progress-Sit...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022