Headline

GHSA-jx34-gqqq-r6gm: Stored XSS via HTML fields in SilverStripe Framework

SilverStripe Framework through 4.10.8 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.

2 years ago

ghsa

Open in Source

#xss #web #git #auth

Stored XSS via HTML fields in SilverStripe Framework

Moderate severity GitHub Reviewed Published Jun 29, 2022

Related news

CVE-2022-25238

Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.

2 years ago

CVE

Open in Source

#xss #web #auth