Progress Sitefinity Cross-Site Scripting Vulnerability in Administrative Backend

A cross-site scripting (XSS) vulnerability has been identified in the administrative backend of Progress Sitefinity. This issue affects Sitefinity versions 4.0 through 14.4.8142, as well as 15.0.8200 through 15.0.8229, 15.1.8300 through 15.1.8327, and 15.2.8400 through 15.2.8421. The vulnerability arises from improper neutralization of input during web page generation, allowing for the injection of malicious scripts that could be executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Progress has released patches for all supported versions of Sitefinity. Users are advised to update to the latest version. For instructions on how to apply the update, refer to the Progress Sitefinity Knowledge Base Article on updating Sitefinity to a patch.