Silverstripe admin XSS Vulnerability via WYSIWYG editor

2024-05-2218:18:18

Google

osv.dev

silverstripe

admin

xss

vulnerability

wysiwyg

editor

malicious

javascript

cms

7.1 High

AI Score

Confidence

Low

JSON

It is possible for a bad actor with access to the CMS to make use of onmouseover or onmouseout attributes in the WYSIWYG editor to embed malicious javascript.

CPENameOperatorVersion
silverstripe/admineq1.0.3
silverstripe/admineq1.1.0

CPE	Name	Operator	Version
	silverstripe/admin	eq	1.0.3
	silverstripe/admin	eq	1.1.0

References

github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2018-004-1.yaml

github.com/silverstripe/silverstripe-admin

www.silverstripe.org/download/security-releases/ss-2018-004

7.1 High

AI Score

Confidence

Low

JSON