We have identified a security vulnerability affecting UI for ASP.NET AJAX that exists in versions of Telerik.Web.UI.dll assembly prior to 2017.2.621, as well as Sitefinity versions prior to 10.0.6412.0. We have addressed the issue and have notified customers and partners with details on how to fix the vulnerability.
For details, please review the respective KB articles:
Our sincere thanks to Erlend Leiknes, security consultant with Mnemonic AS, for disclosing this issue and helping in its resolution. We also wish to thank Thanh Van Tien Nguyen for his assistance and for providing further essential details.