First published: Mon Apr 10 2023(Updated: )
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Progress Sitefinity | >=13.3<13.3.7646 | |
Progress Sitefinity | >=14.0<14.0.7736 | |
Progress Sitefinity | >=14.1<14.1.7826 | |
Progress Sitefinity | >=14.2<14.2.7930 | |
Progress Sitefinity | >=14.3<14.3.8026 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29376 is a vulnerability in Progress Sitefinity versions 13.3 to 14.3 that allows privileged users to perform XSS attacks in media libraries.
The severity of CVE-2023-29376 is medium, with a CVSS score of 5.4.
Progress Sitefinity versions 13.3 to 14.3 are affected by CVE-2023-29376.
Privileged users can exploit CVE-2023-29376 by conducting cross-site scripting attacks in Sitefinity media libraries.
Yes, fixes or patches for CVE-2023-29376 are available in versions 13.3.7647, 14.0.7736, 14.1.7826, 14.2.7930, and 14.3.8025 of Progress Sitefinity.