PT-2025-1671 · Progress · Sitefinity

Published: 2025-01-07 · Updated: 2025-07-29 · CVE-2024-11626

CVSS v3.1: 8.4 (High)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Progress Sitefinity versions 4.0 through 14.4.8142
Progress Sitefinity versions 15.0.8200 through 15.0.8229
Progress Sitefinity versions 15.1.8300 through 15.1.8327
Progress Sitefinity versions 15.2.8400 through 15.2.8421

Description

The issue is related to improper neutralization of input during the generation of web pages in the backend of the CMS, specifically in the administrative section. This can lead to Cross-site Scripting (XSS) attacks.

Recommendations

For versions 4.0 through 14.4.8142, update to a version outside of this range to resolve the issue.
For versions 15.0.8200 through 15.0.8229, update to a version outside of this range to resolve the issue.
For versions 15.1.8300 through 15.1.8327, update to a version outside of this range to resolve the issue.
For versions 15.2.8400 through 15.2.8421, update to a version outside of this range to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-11626

Affected Products

Sitefinity