VYPR
High severity8.7NVD Advisory· Published Jun 2, 2026· Updated Jun 4, 2026

CVE-2026-7313

CVE-2026-7313

Description

CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization.

Affected products

2
  • cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*range: >=8.0.5700,<13.3.7652
    • (no CPE)range: 8.0.5700 - 13.3.7652

Patches

Vulnerability mechanics

References

1

News mentions

1