Sitefinity
This hub aggregates every CVE we track for Sitefinity, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 25
- Critical: 6
- High: 10
- In CISA KEV: 1
Severity distribution
HIGH: 10, MEDIUM: 9, CRITICAL: 6
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Sitefinity.
- CVE-2026-7313 (score 8.7): CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity
- CVE-2026-7312 (score 10.0): CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity
- CVE-2026-7201 (score 8.8): CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
- CVE-2026-7198 (score 9.8): CWE-284: Improper Access Control in web services in Progress Sitefinity
- CVE-2026-7195 (score 8.8): CWE-20: Improper Input Validation in web services in Progress Sitefinity
- CVE-2025-1968 (score 7.7): Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This iss...
- CVE-2024-11627 (score 6.8): Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15...
- CVE-2024-11626 (score 8.4): Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: f...
- CVE-2024-11625 (score 7.7): Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, ...
- CVE-2023-27636 (score 5.4): Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
- CVE-2024-1636 (score 8.0): Potential Cross-Site Scripting (XSS) in the page editing area
- CVE-2024-1632 (score 8.8): Incorrect access control in the Sitefinity backend
- CVE-2023-6784 (score 4.7): Potential Use of the Sitefinity System for Distribution of Phishing Emails
- CVE-2023-29376 (score 5.4): An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privi...
- CVE-2023-29375 (score 9.8): An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous ...
Product normalization is registry-driven with AI assist and human review.