OSV:GHSA-M8V7-X398-PXRF
May 23, 2024 - 7:33 p.m.

Silverstripe XSS in CMS Edit Page

2024-05-23 19:33:34
Google
osv.dev
silverstripe
xss
cms
edit page
parameter sanitisation
arbitrary html
attack
url

AI Score: 6.8 Medium (Confidence: High)

Due to a lack of parameter sanitisation, a carefully crafted URL could be used to inject arbitrary HTML into the CMS Edit page.

An attacker could create a URL and share it with a site administrator to perform an attack.
