XSS Vulnerability Discovered in Page Editing Area
CVE-2024-1636

5.4MEDIUM

Key Information:

Vendor

Progress Software
Status
Sitefinity
Vendor
CVE Published:
28 February 2024

What is CVE-2024-1636?

Potential Cross-Site Scripting (XSS) in the page editing area.

Affected Version(s)

Sitefinity 13.3.7600 < 13.3.7649

Sitefinity 14.4.8100 < 14.4.8135

Sitefinity 15.0.8200 < 15.0.8227

References

https://www.progress.com/sitefinity-cms
product
https://community.progress.com/s/article/Sitefinity-Secur...
vendor-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.