8.8
CVE-2026-7195
- EPSS 0.47%
- Veröffentlicht 02.06.2026 13:04:40
- Zuletzt bearbeitet 04.06.2026 12:51:51
- Quelle security@progress.com
- CVE-Watchlists
- Unerledigt
CWE-20: Improper Input Validation in web services in Progress Sitefinity
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Progress ≫ Sitefinity Version >= 14.1.7800 < 14.4.8152
Progress ≫ Sitefinity Version >= 15.0.8200 < 15.0.8234
Progress ≫ Sitefinity Version >= 15.1.8300 < 15.1.8335
Progress ≫ Sitefinity Version >= 15.2.8400 < 15.2.8441
Progress ≫ Sitefinity Version >= 15.3.8500 < 15.3.8531
Progress ≫ Sitefinity Version >= 15.4.8600 < 15.4.8630
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.37 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
|
| security@progress.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2026-7312-CVE-2026-7198-CVE-2026-7195-CVE-2026-7201-CVE-2026-7313-May-2026