Medium severity5.4NVD Advisory· Published Feb 12, 2018· Updated Jun 17, 2026
CVE-2017-18176
CVE-2017-18176
Description
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
Affected products
1- Range: <10.1
Patches
Vulnerability mechanics
References
2- packetstormsecurity.com/files/143894/Progress-Sitefinity-9.1-XSS-Session-Management-Open-Redirect.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.