XSS Vulnerability in Progress Sitefinity 9.1 via File Upload

XSS Vulnerability in Progress Sitefinity 9.1 via File Upload

CVE-2017-18176 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.

Learn more about our Web Application Penetration Testing UK.