A set of potential security vulnerabilities has been identified in Progress Sitefinity CMS. Below you will find information on the vulnerabilities and a list of the bugfix rollup patches available per version. If you have questions, please contact Progress Technical Support.
Insufficient sanitization of the login request parameters may lead to reflected cross-site scripting (XSS).
A malicious user can perform advanced password reset attacks.
Note: The Host header vulnerability affects only users registered in Sitefinity membership providers. Websites that utilize external membership providers such as Azure AD or LDAP are not vulnerable.