CVE-2017-18639

Name of the Vulnerable Software and Affected Versions Progress Sitefinity CMS versions prior to 10.1

Description The issue allows for XSS attacks through various parameters, including Page Title in /Pages, News Title in /Content/News, List Title in /Content/List, Document Title in /Content/Documents/LibraryDocuments/incident-request-attachments, Image Title in /Content/Images/LibraryImages/newsimages, Link Title in /Content/links, and Video Title in /Content/Videos/LibraryVideos/default-video-library.

Recommendations For versions prior to 10.1, update to version 10.1 or later to resolve the issue. As a temporary workaround, consider restricting user input for the affected parameters, such as Page Title, News Title, List Title, Document Title, Image Title, Link Title, and Video Title, to minimize the risk of exploitation.