CVE-2017-18175

MEDIUM

Progress Sitefinity 9.1 - Cross-Site Scripting via Content Management Template Configuration

Title source: llm
STIX 2.1

Description

Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.

References (2)

Core 2

Scores

CVSS v3 5.4
EPSS 0.0072
EPSS Percentile 49.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
progress/sitefinity 9.1
Published Feb 12, 2018
Tracked Since Feb 18, 2026