PT-2023-22233 · Progress · Sitefinity
Published
2023-04-10
·
Updated
2025-02-11
·
CVE-2023-29376
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Progress Sitefinity versions 13.3 through 13.3.7646
Progress Sitefinity versions 14.0 through 14.0.7735
Progress Sitefinity versions 14.1 through 14.1.7825
Progress Sitefinity versions 14.2 through 14.2.7929
Progress Sitefinity versions 14.3 through 14.3.8024
Description
There is potential for cross-site scripting (XSS) by privileged users in Sitefinity to media libraries. This issue allows attackers to potentially inject malicious scripts into the website.
Recommendations
For Progress Sitefinity version 13.3, update to version 13.3.7647 or later.
For Progress Sitefinity version 14.0, update to version 14.0.7736 or later.
For Progress Sitefinity version 14.1, update to version 14.1.7826 or later.
For Progress Sitefinity version 14.2, update to version 14.2.7930 or later.
For Progress Sitefinity version 14.3, update to version 14.3.8025 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sitefinity