Lucene search

MitreCVE-2023-29376

HistoryApr 10, 2023 - 3:15 p.m.

CVE-2023-29376

2023-04-1015:15:07

CWE-79

mitre

web.nvd.nist.gov

cve-2023-29376

progress sitefinity

xss

privileged users

media libraries

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.

Affected configurations

Nvd

Node

progresssitefinityRange13.3–13.3.7646

progresssitefinityRange14.0–14.0.7736

progresssitefinityRange14.1–14.1.7826

progresssitefinityRange14.2–14.2.7930

progresssitefinityRange14.3–14.3.8026

VendorProductVersionCPE
progresssitefinity*cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
progress	sitefinity	*	cpe:2.3:a:progress:sitefinity::::::::

References

community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-April-2023

www.progress.com/sitefinity-cms