Cross-Site Scripting Vulnerability in Progress Sitefinity CMS
CVE-2018-17054
6.1MEDIUM
What is CVE-2018-17054?
A cross-site scripting vulnerability exists in the Identity Server of Progress Sitefinity CMS versions 10.0 through 11.0. This flaw enables remote attackers to inject arbitrary web scripts or HTML into web pages by manipulating login request parameters. It poses significant risks as attackers could exploit this to execute malicious scripts in the context of the victim’s browser, potentially compromising sensitive information and the integrity of the affected web applications.