Ali Hardudi

**Name of the Vulnerable Software and Affected Versions** Progress Sitefinity CMS versions 10.0 through 11.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters. **Recommendations** For Progress Sitefinity CMS versions 10.0 through 11.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to login request parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Progress Sitefinity CMS versions 10.0 through 11.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters. **Recommendations** For Progress Sitefinity CMS versions 10.0 through 11.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to login request parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Progress Sitefinity CMS versions 4.0 through 11.0 **Description** The issue is related to an arbitrary file upload vulnerability, specifically concerning image uploads. **Recommendations** For Progress Sitefinity CMS versions 4.0 through 11.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Progress Sitefinity CMS versions 10.2 through 11.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This could potentially lead to unauthorized actions on the website. **Recommendations** For Progress Sitefinity CMS versions 10.2 through 11.0, update to a version that contains a fix for this issue to prevent remote attackers from injecting arbitrary web script or HTML.