Medium severity5.4NVD Advisory· Published Feb 12, 2018· Updated Jun 17, 2026
CVE-2017-18175
CVE-2017-18175
Description
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
Affected products
1- Range: <10.1
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.