Cross-Site Scripting in Progress Sitefinity CMS
CVE-2017-18639
6.1 MEDIUM
What is CVE-2017-18639?
Progress Sitefinity CMS versions prior to 10.1 contain a vulnerability that allows attackers to perform Cross-Site Scripting (XSS) through various parameters such as Page Title, News Title, and Document Title. This flaw enables the injection of malicious scripts, posing a significant risk to user data and session integrity. Attackers can exploit this vulnerability by crafting URLs that manipulate these parameters, leading to unauthorized actions and data theft. It is crucial for users of Sitefinity CMS to apply security updates to mitigate potential threats.