Max CVSS 6.5 Min CVSS 3.5 Total Count5
IDCVSSSummaryLast (major) updatePublished
CVE-2017-18179 6.5
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
12-02-2018 - 09:29 12-02-2018 - 09:29
CVE-2017-18178 5.8
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1.
12-02-2018 - 09:29 12-02-2018 - 09:29
CVE-2017-18177 3.5
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
12-02-2018 - 09:29 12-02-2018 - 09:29
CVE-2017-18176 3.5
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
12-02-2018 - 09:29 12-02-2018 - 09:29
CVE-2017-18175 3.5
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
12-02-2018 - 09:29 12-02-2018 - 09:29
Back to Top Mark selected
Back to Top