OSV:GHSA-R32J-MR8P-HFP8
May 23, 2024 - 2:57 p.m.

Silverstripe XSS in TreeDropdownField and TreeMultiSelectField

2024-05-23 14:57:18
Google
osv.dev
silverstripe
xss
treedropdownfield
treemultiselectfield
vulnerability
data source
encoded content

AI Score: 6.4 Medium (Confidence: High)

A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField.

This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields.

This has been resolved by ensuring that all dataobjects used as a data source have their content safely encoded.
