Cross-Site Scripting Vulnerability in Progress Sitefinity by Progress
CVE-2017-18177

5.4MEDIUM

Key Information:

Vendor: Progress
Status: Sitefinity
Vendor: CVE Published:; 12 February 2018

Summary

Progress Sitefinity 9.1 is susceptible to a Cross-Site Scripting (XSS) vulnerability through the Last Name, First Name, and About fields on the New User Creation Page. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of an unsuspecting user's browser. This could lead to the theft of session cookies, defacement of web content, or redirection to malicious sites. The issue has been resolved in version 10.1, emphasizing the importance of updating to the latest version to mitigate security risks.

References

https://www.sec-consult.com/en/blog/advisories/multiple-v...

x_refsource_MISC

https://packetstormsecurity.com/files/143894/Progress-Sit...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 12, 2018