
18 matches found

RedhatCVE
added 2026/01/09 10:56 a.m. · 2 views

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...

CVSS 5.4 · AI score 7 · EPSS 0.00322
Exploits: 1 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-4365

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.6 · EPSS 0.00347
Exploits: 0 · References: 6

NVD
added 2025/01/14 11:15 p.m. · 6 views

CVE-2024-47605

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...

CVSS 5.4 · EPSS 0.07112
Exploits: 2 · References: 3

CVE
added 2025/01/14 10:42 p.m. · 48 views

CVE-2024-47605

CVE-2024-47605 affects the SilverStripe ecosystem, specifically the silverstripe-asset-admin asset gallery when using the “insert media” feature. The vulnerability arises because the linked oEmbed JSON may include an HTML attribute that replaces the embed shortcode without sanitization, enabling ...

CVSS 5.4 · AI score 5.4 · EPSS 0.07112
Exploits: 2 · References: 3

Vulnrichment
added 2025/01/14 10:42 p.m. · 7 views

CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...

CVSS 5.4 · AI score 5.4 · EPSS 0.07112
Exploits: 2 · References: 3

CNNVD
added 2025/01/14 12:0 a.m. · 1 views

Silverstripe Asset Admin Module cross-site scripting vulnerability

Silverstripe Asset Admin Module is an open source asset management module from Silverstripe. A cross-site scripting vulnerability exists in Silverstripe Asset Admin Module, which stems from the fact that HTML is not sanitized until the shortcode is replaced, allowing execution of script loads in...

CVSS 5.4 · AI score 6 · EPSS 0.07112
Exploits: 2 · References: 5

Prion
added 2022/11/23 12:15 a.m. · 17 views

Cross site scripting

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...

CVSS 4.9 · AI score 5.5 · EPSS 0.00322
Exploits: 1 · References: 4 · Affected Software: 3

CVE
added 2022/11/22 12:0 a.m. · 74 views

CVE-2022-38724

CVE-2022-38724 affects Silverstripe framework ≤ 4.11.0, Silverstripe assets ≤ 1.11.0, and Silverstripe asset-admin ≤ 1.11.0. The root cause is XSS via shortcodes when arbitrary attributes can be added to HTML editor shortcodes, due to missing attribute whitelists in shortcode providers. Reported ...

CVSS 5.4 · AI score 5.4 · EPSS 0.00322
Exploits: 1 · References: 4 · Affected Software: 3

Vulnrichment
added 2022/11/22 12:0 a.m. · 6 views

CVE-2022-38724

Silverstripe silverstripe/framework through 4.11.0, silverstripe/assets through 1.11.0, and silverstripe/asset-admin through 1.11.0 allow XSS...

AI score 5.5 · EPSS 0.00322
Exploits: 1 · References: 4

CNNVD
added 2022/11/22 12:0 a.m. · 2 views

silverstripe framework cross-site scripting vulnerability

silverstripe framework is a CMS website framework. A security vulnerability exists in silverstripe framework version 4.11.0 and earlier, silverstripe/assets version 1.11.0 and earlier, and silverstripe/asset-admin version 1.11.0 and earlier. An attacker could exploit this vulnerability to...

CVSS 5.4 · AI score 5.6 · EPSS 0.00322
Exploits: 1 · References: 6

Positive Technologies
added 2022/11/21 12:0 a.m. · 2 views

PT-2022-24544 · Silverstripe · Silverstripe Asset-Admin +2

Name of the Vulnerable Software and Affected Versions:
Silverstripe silverstripe/framework versions 4.11.0 and earlier
Silverstripe silverstripe/assets versions 1.11.0 and earlier
Silverstripe silverstripe/asset-admin versions 1.11.0 and earlier

Description: The issue allows for cross-site...

CVSS 5.4 · AI score 6 · EPSS 0.00322
Exploits: 1 · References: 13

GitHub Security Blog
added 2022/05/24 4:56 p.m. · 16 views

SilverStripe asset-admin Cross-site Scripting (XSS)

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS...

CVSS 5.4 · AI score 6 · EPSS 0.00347
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2022/05/24 4:56 p.m. · 11 views

GHSA-JGW2-F5MX-RG7H SilverStripe asset-admin Cross-site Scripting (XSS)

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS...

CVSS 5.4 · AI score 5.2 · EPSS 0.00347
Exploits: 0 · References: 6

NVD
added 2019/09/26 12:15 p.m. · 11 views

CVE-2019-14272

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS...

CVSS 5.4 · AI score 5.3 · EPSS 0.00347
Exploits: 0 · References: 4

OSV
added 2019/09/26 12:15 p.m. · 9 views

CVE-2019-14272

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS...

CVSS 5.4 · AI score 6 · EPSS 0.00347
Exploits: 0 · References: 4

Prion
added 2019/09/26 12:15 p.m. · 13 views

Cross site scripting

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS...

CVSS 3.5 · AI score 5.3 · EPSS 0.00347
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2019/09/26 11:50 a.m. · 14 views

CVE-2019-14272

In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS...

AI score 5.2 · EPSS 0.00347
Exploits: 0 · References: 4

CVE
added 2019/09/26 11:50 a.m. · 45 views

CVE-2019-14272

CVE-2019-14272 affects SilverStripe asset-admin 4.0: there is a Cross‑Site Scripting (XSS) vulnerability in file titles managed via the CMS. Exploitation details or practical exploit paths are not provided in the connected documents; the vulnerability is confirmed in multiple sources (Red Hat, Gi...

CVSS 5.4 · AI score 5.2 · EPSS 0.00347
Exploits: 0 · References: 4 · Affected Software: 1