We have identified a security vulnerability affecting UI for ASP.NET AJAX that exists in versions of Telerik.Web.UI.dll assembly prior to 2017.2.621, as well as Sitefinity versions prior to 10.0.6412.0. We have addressed the issue and have notified customers and partners with details on how to fix the vulnerability.
For details, please review the respective KB articles:
Our sincere thanks to Erlend Leiknes, security consultant with Mnemonic AS, for disclosing this issue and helping in its resolution. We also wish to thank Thanh Van Tien Nguyen for his assistance and for providing further essential details.
View all posts from The Progress Team on the Progress blog. Connect with us about all things application development and deployment, data integration and digital business.
Subscribe to get all the news, info and tutorials you need to build better business apps and sites
Copyright © 2019 Progress Software Corporation and/or its subsidiaries or affiliates.All Rights Reserved.
Progress, Telerik, Ipswitch, and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.