sitefinity

Vendor: progress

Actively Exploited: 1 (CISA KEV List)
PoC / Exploits: 2 (Code Available)
Total RCEs: 2 (Remote Access)
Total CVEs: 30 (Total Indexed)
Avg. EPSS: 4.16% (Exploit Prob.)
Latest CVE: CVE-2026-7313 (Jun 02)

Security Vulnerability Index

5.4 CVSS

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

EPSS: 0.05%

5.4 CVSS

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.

EPSS: 0.03%

9.8 CVSS

Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

EPSS: 0.10%

9.8 CVSS
CVE-2017-9248
Exploit Found

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.

EPSS: 89.44%