7 matches found
CVE-2024-47605
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...
CVE-2024-47605
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...
CVE-2024-47605
creationtimestamp| type| source ---|---|--- 2025-01-14 23:09:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/1634 2025-01-15 00:53:35+00:00| seen| https://t.me/cvedetector/15385...
CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...
CVE-2024-47605
CVE-2024-47605 affects the SilverStripe ecosystem, specifically the silverstripe-asset-admin asset gallery when using the “insert media” feature. The vulnerability arises because the linked oEmbed JSON may include an HTML attribute that replaces the embed shortcode without sanitization, enabling ...
CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...
CVE-2024-47605 - XSS via insert media remote file oembed
More info at https://www.silverstripe.org/download/security-releases/cve-2024-47605...