CVE-2023-29376: 
Progress Sitfinity vulnerability analysis and mitigation

CVE-2023-29376 is a Cross-Site Scripting (XSS) vulnerability discovered in Progress Sitefinity affecting multiple versions: 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. The vulnerability was disclosed on April 5, 2023, and specifically affects the media libraries component of Sitefinity (NVD, Progress Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and has received a CVSS v3.1 Base Score of 5.4 (Medium severity). The attack vector is characterized as Network-based (AV:N) with Low attack complexity (AC:L), requiring Low privileges (PR:L) and User interaction (UI:R). The scope is Changed (S:C) with Low confidentiality (C:L) and integrity (I:L) impacts, and No availability impact (A:N) (NVD).

The vulnerability allows privileged users to perform Cross-Site Scripting attacks through Sitefinity media libraries. While the impact is somewhat limited due to the requirement of privileged access, successful exploitation could lead to compromised confidentiality and integrity of the affected system (Progress Advisory).

Progress has released patched versions to address this vulnerability. Users should upgrade to versions 13.3.7647, 14.0.7736, 14.1.7826, 14.2.7930, or 14.3.8025 or later depending on their current version (Progress Advisory).