CVE-2023-6784

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6784
A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 Vendor Advisory
https://www.progress.com/sitefinity-cms Product
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 Vendor Advisory
https://www.progress.com/sitefinity-cms Product
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 - Vendor Advisory () https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 - Vendor Advisory
References () https://www.progress.com/sitefinity-cms - Product () https://www.progress.com/sitefinity-cms - Product
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 4.7

28 Dec 2023, 20:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:progress:sitefinity:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Progress
Progress sitefinity
References () https://www.progress.com/sitefinity-cms - () https://www.progress.com/sitefinity-cms - Product
References () https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 - () https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2023-6784-December-2023 - Vendor Advisory

20 Dec 2023, 14:33

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-20 14:15

Updated : 2024-11-21 08:44

NVD link : CVE-2023-6784

Mitre link : CVE-2023-6784

CVE.ORG link : CVE-2023-6784

JSON object : View

Products Affected

progress

  • sitefinity
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo