Lucene search
GoogleOSV:GHSA-3VJC-5X79-M9R8HistoryMay 24, 2022 - 7:04 p.m.
SilverStripe XXE Vulnerability in CSSContentParser
2022-05-2419:04:19
Google
osv.dev
6
silverstripe
xxe vulnerability
csscontentparser
developer utility
html parsing
unit tests
xml external entity
xxe attacks
vulnerabilities
xss
mitigation
cve-2020-25817
SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom project code, it can lead to vulnerabilities such as XSS on HTML output rendered through this custom code. This is now mitigated by disabling external entities during parsing. (The correct CVE ID year is 2020 [CVE-2020-25817, not CVE-2021-25817]).
Related
osv
osv
BIT-silverstripe-2020-25817
2024-03-06 11:06:51
CVE-2020-25817
2021-06-08 18:15:07
prion
prion
Xxe
2021-06-08 18:15:00
nvd
nvd
CVE-2020-25817
2021-06-08 18:15:07
cvelist
cvelist
CVE-2020-25817
2021-06-08 17:54:01
cve
cve
CVE-2020-25817
2021-06-08 18:15:07
github
github
SilverStripe XXE Vulnerability in CSSContentParser
2022-05-24 19:04:19
veracode
veracode
XML External Entitty (XXE)
2021-06-09 05:16:36
friendsofphp
friendsofphp
CVE-2021-25817 XXE: Vulnerability in CSSContentParser
2021-06-07 22:31:00