Sitefinity
This hub aggregates every CVE we track for Sitefinity, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
24
CVEs tracked
6
Critical
10
High
1
In CISA KEV
Severity distribution
HIGH10MEDIUM8CRITICAL6
Monthly trend
0
0
0
0
0
3
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
5
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Sitefinity.
- CVE-2026-7313CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity8.7
- CVE-2026-7312CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity10.0
- CVE-2026-7201CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity8.8
- CVE-2026-7198CWE-284: Improper Access Control in web services in Progress Sitefinity9.8
- CVE-2026-7195CWE-20: Improper Input Validation in web services in Progress Sitefinity8.8
- CVE-2025-1968Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This iss...7.7
- CVE-2024-11627: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15...6.8
- CVE-2024-11626Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: f...8.4
- CVE-2024-11625Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, ...7.7
- CVE-2024-1636Potential Cross-Site Scripting (XSS) in the page editing area8.0
- CVE-2024-1632Incorrect access control in the Sitefinity backend8.8
- CVE-2023-6784Potential Use of the Sitefinity System for Distribution of Phishing Emails4.7
- CVE-2023-29375An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous ...9.8
- CVE-2023-29376An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privi...5.4
- CVE-2019-17392Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.9.8
Product normalization is registry-driven with AI assist and human review. How it works