2018-02-12 14:00:00
mitre
PUBLISHED
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the applications own code. This is fixed in 10.1.