CVE-2024-11626 HIGH

CVE-2024-11626

Vendor Progress Software Corporation

Product Sitefinity

Weakness CWE-79 · XSS

Published January 7, 2025

Last update January 7, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

Key dates

02Disclosure timeline

January 7, 2025 CVE published

January 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11626

Related vulnerabilities

Identifiers

CVE CVE-2024-11626

CWE CWE-79

CVSS 8.4 / HIGH

Affected versions

Vendor Progress Software Corporation

Product Sitefinity

Affected ≥ 4.0 and ≤ 14.4.8142

Vendor Progress Software Corporation

Product Sitefinity

Affected ≥ 15.0.8200 and ≤ 15.0.8229

Vendor Progress Software Corporation

Product Sitefinity

Affected ≥ 15.1.8300 and ≤ 15.1.8327

Vendor Progress Software Corporation

Product Sitefinity

Affected ≥ 15.2.8400 and ≤ 15.2.8421

CVE-2024-11626

01Description

02Disclosure timeline

03References

04Related CVE