Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17055 | 1 Progress | 1 Sitefinity | 2018-12-12 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. | |||||
| CVE-2017-18179 | 1 Progress | 1 Sitefinity | 2018-03-05 | 6.5 MEDIUM | 8.8 HIGH |
| Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1. | |||||