Cross-Site Scripting Vulnerability in Progress Sitefinity Web Application
CVE-2017-18176
5.4MEDIUM
What is CVE-2017-18176?
Progress Sitefinity version 9.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper validation in its file upload functionality. The flaw arises when JavaScript code within uploaded HTML files is executed within the same origin as the application's code, allowing attackers to potentially execute malicious scripts in the context of other users. This vulnerability has been resolved in version 10.1 of the software.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability Reserved
Vulnerability published