CVE-2023-29376

MEDIUM

Progress Sitefinity <14.3.8025 - XSS

Title source: llm

Description

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.

References (2)

Core 2

Core References

Vendor Advisory

https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023

Product

https://www.progress.com/sitefinity-cms

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 9.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

progress/sitefinity 13.3 - 13.3.7646

Published Apr 10, 2023

Tracked Since Feb 18, 2026