Cross-Site Scripting in Progress Sitefinity CMS
CVE-2017-18639
6.1 MEDIUM
Summary
Progress Sitefinity CMS versions prior to 10.1 contain a vulnerability that allows attackers to perform Cross-Site Scripting (XSS) through various parameters such as Page Title, News Title, and Document Title. This flaw enables the injection of malicious scripts, posing a significant risk to user data and session integrity. Attackers can exploit this vulnerability by crafting URLs that manipulate these parameters, leading to unauthorized actions and data theft. It is crucial for users of Sitefinity CMS to apply security updates to mitigate potential threats.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved