CVE-2025-11626: 
Wireshark vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was discovered in Progress Sitefinity's CMS backend (administrative section) web page generation, identified as CVE-2024-11626. The vulnerability affects multiple versions of Sitefinity, including versions from 4.0 through 14.4.8142, 15.0.8200 through 15.0.8229, 15.1.8300 through 15.1.8327, and 15.2.8400 through 15.2.8421. The vulnerability was disclosed on January 7, 2025 (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). According to the CVSS 3.1 scoring system, the vulnerability received different severity ratings from different sources. The NVD assigned it a medium severity score of 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N), while Progress Software Corporation rated it as high severity with a score of 8.4 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H) (NVD).

The vulnerability could potentially allow attackers to execute cross-site scripting attacks through the CMS backend administrative section, potentially compromising the confidentiality and integrity of the affected system. The high CVSS scores from Progress Software Corporation indicate potential for significant impact on system security (NVD).