4 matches found
PT-2024-40127 · Packagist · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A cross-site scripting issue has been found in the CMS page history tab. This can be exploited if a user with CMS access posts malicious or unescaped HTML into any text fields on a...
GHSA-66JF-XM2M-7M8R Stored XSS in Compare Mode
A malicious content author could add a JavaScript payload to a page's meta description and get it executed in the versioned history compare view. This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that...
Stored XSS in Compare Mode
A malicious content author could add a JavaScript payload to a page's meta description and get it executed in the versioned history compare view. This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged user to access the version history for that...
CVE-2022-38145 - Stored XSS in Compare Mode
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38145...