Lucene search
MitreCVELIST:CVE-2020-25817HistoryJun 08, 2021 - 5:54 p.m.
CVE-2020-25817
2021-06-0817:54:01
mitre
www.cve.org
3
silverstripe
4.6.0-rc1
xxe vulnerability
csscontentparser
xml external entity
xss
html.
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
Related
osv
osv
BIT-silverstripe-2020-25817
2024-03-06 11:06:51
CVE-2020-25817
2021-06-08 18:15:07
SilverStripe XXE Vulnerability in CSSContentParser
2022-05-24 19:04:19
prion
prion
Xxe
2021-06-08 18:15:00
cve
cve
CVE-2020-25817
2021-06-08 18:15:07
github
github
SilverStripe XXE Vulnerability in CSSContentParser
2022-05-24 19:04:19
nvd
nvd
CVE-2020-25817
2021-06-08 18:15:07
veracode
veracode
XML External Entitty (XXE)
2021-06-09 05:16:36
friendsofphp
friendsofphp
CVE-2021-25817 XXE: Vulnerability in CSSContentParser
2021-06-07 22:31:00