XSS Vulnerability in Progress Sitefinity Media Libraries
CVE-2023-29376

5.4MEDIUM

Key Information:

Vendor: Progress
Status: Sitefinity
Vendor: CVE Published:; 10 April 2023

Summary

Progress Sitefinity versions prior to 13.3.7647, 14.0.7736, 14.1.7826, 14.2.7930, and 14.3.8025 are susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows privileged users to exploit media libraries, potentially leading to unauthorized script execution. Organizations using affected versions should take immediate steps to apply updates and safeguard their systems.

References

https://www.progress.com/sitefinity-cms

https://community.progress.com/s/article/Sitefinity-Secur...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 10, 2023
Vulnerability Reserved
Apr 5, 2023