Shodan
Vulnerabilities
Vulnerable Software
Progress:  >> Sitefinity  >> 12.2.7226  Security Vulnerabilities
CVE-2026-7313
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used connect to Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization.
CVSS Score
8.7
EPSS Score
0.0
Published
2026-06-02
CVE-2024-11625
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
7.7
EPSS Score
0.001
Published
2025-01-07
CVE-2024-11626
Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
8.4
EPSS Score
0.001
Published
2025-01-07
CVE-2024-11627
: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.
CVSS Score
6.8
EPSS Score
0.002
Published
2025-01-07
CVE-2023-27636
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVSS Score
5.4
EPSS Score
0.005
Published
2024-06-16
CVE-2024-1636
Potential Cross-Site Scripting (XSS) in the page editing area.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-02-28
CVE-2024-1632
Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.
CVSS Score
8.8
EPSS Score
0.022
Published
2024-02-28
CVE-2023-6784
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-12-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved