Sitefinity
Approved changes feed: RSS · Atom
cpe:2.3:a:progress_software_corporation:sitefinity:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Progress Software Corporation (936a4410-8e02-5d5c-938a-4a1509e8d7ef) |
|---|---|
| Product | Sitefinity (2ddefd29-c4b4-5eb8-ae21-1a03a36e6f82) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-1968 |
vulnerable | 2026-06-03 14:59:06.886678 |
Details available
HIGH (7.7)
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
Published: 2025-04-09T13:33:31.450Z
Updated: 2026-02-26T18:28:29.081Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-4882 |
vulnerable | 2026-06-03 14:57:16.417294 |
URL Redirection to Arbitrary Site Exists in Sitefinity
The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions.
Published: 2024-07-08T17:29:03.986Z
Updated: 2024-08-01T20:55:10.225Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1636 |
vulnerable | 2026-06-03 14:54:34.160080 |
Potential Cross-Site Scripting (XSS) in the page editing area
HIGH (8)
Potential Cross-Site Scripting (XSS) in the page editing area.
Published: 2024-02-28T12:05:23.082Z
Updated: 2024-08-01T19:14:11.892Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1632 |
vulnerable | 2026-06-03 14:54:34.126910 |
Incorrect access control in the Sitefinity backend
HIGH (8.8)
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
Published: 2024-02-28T12:04:45.869Z
Updated: 2024-08-02T19:28:52.380Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11626 |
vulnerable | 2026-06-03 14:54:14.497060 |
Details available
HIGH (8.4)
Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
Published: 2025-01-07T07:49:01.805Z
Updated: 2025-01-07T15:37:28.107Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11625 |
vulnerable | 2026-06-03 14:54:14.496030 |
Details available
HIGH (7.7)
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
Published: 2025-01-07T07:48:32.620Z
Updated: 2025-01-07T15:38:00.465Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6784 |
vulnerable | 2026-06-03 14:53:58.980667 |
Potential Use of the Sitefinity System for Distribution of Phishing Emails
MEDIUM (4.7)
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
Published: 2023-12-20T14:00:55.962Z
Updated: 2024-11-27T20:02:36.832Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.