Cross-Site Scripting Vulnerability in Progress Sitefinity CMS
CVE-2018-17054

6.1MEDIUM

Key Information:

Vendor

Progress

Vendor
CVE Published:
3 October 2018

What is CVE-2018-17054?

A cross-site scripting vulnerability exists in the Identity Server of Progress Sitefinity CMS versions 10.0 through 11.0. This flaw enables remote attackers to inject arbitrary web scripts or HTML into web pages by manipulating login request parameters. It poses significant risks as attackers could exploit this to execute malicious scripts in the context of the victim’s browser, potentially compromising sensitive information and the integrity of the affected web applications.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.