Silverstripe admin XSS Vulnerability via WYSIWYG editor

2024-05-2218:18:18

CWE-79

GitHub Advisory Database

github.com

silverstripe

xss

vulnerability

wysiwyg

editor

malicious

javascript

7.1 High

AI Score

Confidence

Low

JSON

It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious javascript.

Affected configurations

Vulners

Node

silverstripeadminRange<1.1.1

silverstripeadminRange<1.0.4

CPENameOperatorVersion
silverstripe/adminlt1.1.1
silverstripe/adminlt1.0.4

CPE	Name	Operator	Version
	silverstripe/admin	lt	1.1.1
	silverstripe/admin	lt	1.0.4

References

github.com/advisories/GHSA-779c-7w4p-2c4g

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2018-004-1.yaml

www.silverstripe.org/download/security-releases/ss-2018-004

7.1 High

AI Score

Confidence

Low

JSON