VYPR
Medium severity5.4NVD Advisory· Published Feb 12, 2018· Updated Jun 17, 2026

CVE-2017-18176

CVE-2017-18176

Description

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.