Cross-Site Scripting Vulnerability in Progress Sitefinity Web Application
CVE-2017-18176
5.4MEDIUM
What is CVE-2017-18176?
Progress Sitefinity version 9.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper validation in its file upload functionality. The flaw arises when JavaScript code within uploaded HTML files is executed within the same origin as the application's code, allowing attackers to potentially execute malicious scripts in the context of other users. This vulnerability has been resolved in version 10.1 of the software.