CVE-2023-29376
Published Apr 10, 2023
Last updated 2 years ago
Overview
- Description
- An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50BB226D-409D-4549-931E-D6668E27CDDE",
"versionEndExcluding": "13.3.7646",
"versionStartIncluding": "13.3"
},
{
"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FA25F74-CF2D-4126-91F3-F60C27699AF9",
"versionEndExcluding": "14.0.7736",
"versionStartIncluding": "14.0"
},
{
"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C672393B-15D3-4D0B-AA66-FA741EE74A60",
"versionEndExcluding": "14.1.7826",
"versionStartIncluding": "14.1"
},
{
"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "280EAD40-FC61-4DFC-9B4D-6600CA48DC05",
"versionEndExcluding": "14.2.7930",
"versionStartIncluding": "14.2"
},
{
"criteria": "cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80A1112E-32F1-4A99-9517-15EC1BBF3ED3",
"versionEndExcluding": "14.3.8026",
"versionStartIncluding": "14.3"
}
],
"operator": "OR"
}
]
}
]