We have identified a security vulnerability affecting UI for ASP.NET AJAX that exists in versions of Telerik.Web.UI.dll assembly prior to 2017.2.621, as well as Sitefinity versions prior to 10.0.6412.0. We have addressed the issue and have notified customers and partners with details on how to fix the vulnerability.
For details, please review the respective KB articles:
Our sincere thanks to Erlend Leiknes, security consultant with Mnemonic AS, for disclosing this issue and helping in its resolution. We also wish to thank Thanh Van Tien Nguyen for his assistance and for providing further essential details.
View all posts from The Progress Team on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Let our experts teach you how to use Sitefinity's best-in-class features to deliver compelling digital experiences.
Learn MoreSubscribe to get all the news, info and tutorials you need to build better business apps and sites
Progress collects the Personal Information set out in our Privacy Policy and the Supplemental Privacy notice for residents of California and other US States and uses it for the purposes stated in that policy.
You can also ask us not to share your Personal Information to third parties here: Do Not Sell or Share My Info
We see that you have already chosen to receive marketing materials from us. If you wish to change this at any time you may do so by clicking here.
Thank you for your continued interest in Progress. Based on either your previous activity on our websites or our ongoing relationship, we will keep you updated on our products, solutions, services, company news and events. If you decide that you want to be removed from our mailing lists at any time, you can change your contact preferences by clicking here.