CVE-2023-6784

Summary

A malicious user could potentially use the Sitefinity system for the distribution of phishing emails.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationSitefinity15.0 < 15.0.8223affected
Progress Software CorporationSitefinity14.4 < 14.4.8133affected
Progress Software CorporationSitefinity14.3 < 14.3.8029affected
Progress Software CorporationSitefinity14.2 < 14.2.7932affected
Progress Software CorporationSitefinity14.1 < 14.1.7828affected
Progress Software CorporationSitefinity13.3 < 13.3.7648affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References