CVE-2024-11626
CVSS 3.1 Score 8.4 of 10 (high)
Details
Summary
CVE-2024-11626 is a Cross-site Scripting (XSS) vulnerability affecting multiple versions of Progress Sitefinity. The issue is located in the CMS backend's administrative section, where user input is improperly neutralized during web page generation. This flaw could allow attackers to inject malicious scripts into a victim's browser and gain unauthorized access or perform actions on their behalf. Affected versions include Sitefinity from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, and from 15.2.8400 through 15.2.8421. Users are advised to update their Sitefinity installations as soon as possible to mitigate this risk.
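To triage an inventory against the affected ranges listed above, the following is an added example, not code from Progress or from this page. The hostnames and sample inventory are constructed, and the handling of a fourth version component is an assumption noted in the code.

```python
import re

# Affected ranges exactly as listed in the summary above (inclusive on both ends).
AFFECTED_RANGES = [
    ("4.0", "14.4.8142"),
    ("15.0.8200", "15.0.8229"),
    ("15.1.8300", "15.1.8327"),
    ("15.2.8400", "15.2.8421"),
]

def parse_version(text):
    # Assumption: a fourth "revision" component (e.g. 15.2.8421.0) is not
    # significant for these ranges and is ignored; missing parts count as 0.
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"not a dotted version: {text!r}")
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    # Split {host: version} into affected, not listed, and unparseable hosts.
    result = {"affected": [], "not_listed": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            key = "unparseable"  # needs manual review, never silently "safe"
        result[key].append(host)
    return result

# Constructed inventory for illustration; hostnames are hypothetical.
SAMPLE_INVENTORY = {
    "cms-prod-01": "14.4.8142.0",
    "cms-prod-02": "15.2.8421",
    "cms-stage-01": "15.2.8422",
    "cms-legacy-01": "3.7",
    "cms-dev-01": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

A host in `not_listed` only means its version falls outside the ranges stated on this page; confirm against the vendor's advisory before closing it out.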