7.1 High
AI Score
Confidence
Low
It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious javascript.
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2018-004-1.yaml
github.com/silverstripe/silverstripe-admin
www.silverstripe.org/download/security-releases/ss-2018-004