Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HProgress Sitefinity
APPProgress9.1 – 9.1.6185 (bez)9.2 – 9.2.6276 (bez)10.0 – 10.0.6431 (bez)10.1 – 10.1.6542 (bez)10.2 – 10.2.665111.0 – 11.0.673911.1 – 11.1.682811.2 – 11.2.693412.0 – 12.0.703212.1 – 12.1.7128
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2017-9248CRITICAL9.8⚠ KEVten sam produkt
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412....
CVE-2026-7198CRITICAL9.8PL ✓ten sam produkt
Obejście uwierzytelnienia w Progress Sitefinity — pełny dostęp bez logowania
CVE-2026-7312CRITICAL10.0PL ✓ten sam produkt
Progress Sitefinity: ujawnienie danych uwierzytelniających w usługach web
CVE-2023-29375CRITICAL9.8ten sam produkt
An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1....
CVE-2017-15883CRITICAL9.8ten sam produkt
Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication an...