Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled.
2019-11-26T18:15:15.600
2024-11-21T04:32:14.917
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | progress | sitefinity | < 9.1.6185 | Yes |
| Application | progress | sitefinity | < 9.2.6276 | Yes |
| Application | progress | sitefinity | < 10.0.6431 | Yes |
| Application | progress | sitefinity | < 10.1.6542 | Yes |
| Application | progress | sitefinity | ≤ 10.2.6651 | Yes |
| Application | progress | sitefinity | ≤ 11.0.6739 | Yes |
| Application | progress | sitefinity | ≤ 11.1.6828 | Yes |
| Application | progress | sitefinity | ≤ 11.2.6934 | Yes |
| Application | progress | sitefinity | ≤ 12.0.7032 | Yes |
| Application | progress | sitefinity | ≤ 12.1.7128 | Yes |