An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HProgress Sitefinity
APPProgress13.3 – 13.3.7646 (bez)14.0 – 14.0.7736 (bez)14.1 – 14.1.7826 (bez)14.2 – 14.2.7930 (bez)14.3 – 14.3.8026 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2017-9248CRITICAL9.8⚠ KEVten sam produkt
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412....
CVE-2026-7198CRITICAL9.8PL ✓ten sam produkt
Obejście uwierzytelnienia w Progress Sitefinity — pełny dostęp bez logowania
CVE-2026-7312CRITICAL10.0PL ✓ten sam produkt
Progress Sitefinity: ujawnienie danych uwierzytelniających w usługach web
CVE-2019-17392CRITICAL9.8ten sam produkt
Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host...
CVE-2017-15883CRITICAL9.8ten sam produkt
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication an...