Home
HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HDefault status
unknown
14.1.0 (custom) before 14.4.0
affected
14.4.8100 (custom) before 14.4.8152
affected
15.0.8200 (custom) before 15.0.8234
affected
15.1.8300 (custom) before 15.1.8335
affected
15.2.8400 (custom) before 15.2.8441
affected
15.3.8500 (custom) before 15.3.8531
affected
15.4.8600 (custom) before 15.4.8630
affected
Description
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration.
Problem types
CWE-20: Improper Input Validation
Product status
14.1.0 (custom) before 14.4.0
14.4.8100 (custom) before 14.4.8152
15.0.8200 (custom) before 15.0.8234
15.1.8300 (custom) before 15.1.8335
15.2.8400 (custom) before 15.2.8441
15.3.8500 (custom) before 15.3.8531
15.4.8600 (custom) before 15.4.8630
References
community.progress.com/...E-2026-7201-CVE-2026-7313-May-2026